Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Github Security Blog
Github Security Blogadded 2026/05/07 4:10 a.m.9 views

vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)

Summary A sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10.2 only sanitized the onRejected callback in .then and...

10CVSS7.6AI score0.00054EPSS
Exploits2References5Affected Software1
Veracode
Veracodeadded 2024/10/28 8:20 a.m.8 views

Denial Of Service (DoS)

http-proxy-middleware is vulnerable to Denial of Service DoS. The vulnerability is due to an unhandled promise rejection error caused by micromatch, which can allow an attacker to crash the server by making requests to certain paths...

7.5CVSS7AI score0.00364EPSS
Exploits1References4Affected Software1
Snyk
Snykadded 2024/10/18 4:6 a.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths. PoC 1 Run a server like this: js const express =...

8.7CVSS7AI score0.00364EPSS
Exploits1References2
Rows per page
Query Builder