
6 matches found

OSV
added 2026/06/04 9:5 p.m. | 6 views

ROOT-APP-NPM-CVE-2026-44007 CVE-2026-44007 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-44007 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

CVSS 9.1 | AI score 5.8 | EPSS 0.00776
Exploits: 1

vulnersOsv
added 2026/05/07 4:33 a.m. | 4 views

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +16 more potentially affected by CVE-2026-43998 via vm2 (>=3.0.0 <=3.10.5)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =1.0.0-beta.1, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.72.1 and more Source cves: CVE-2026-43998 Source advisory: SNYK:JS-VM2-16439013...

CVSS 8.5 | AI score 5.4 | EPSS 0.00626
Exploits: 1

OSV
added 2026/05/07 4:10 a.m. | 3 views

GHSA-HW58-P9XV-2MJH vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)

Summary A sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10.2 only sanitized the onRejected callback in .then and...

CVSS 8.6 | AI score 5.9 | EPSS 0.00339
Exploits: 1 | References: 5

vulnersOsv
added 2026/05/04 6:27 p.m. | 6 views

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +16 more potentially affected by CVE-2026-26332 via vm2 (>=3.0.0 <=3.10.5)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =1.0.0-beta.1, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.72.1 and more Source cves: CVE-2026-26332 Source advisory: SNYK:JS-VM2-16419533...

CVSS 10 | AI score 5.8 | EPSS 0.00576
Exploits: 1

Cvelist
added 2026/05/04 4:28 p.m. | 32 views

CVE-2026-24118 VM2 Sandbox Breakout Through __lookupGetter__

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...

CVSS 9.8 | EPSS 0.00886
Exploits: 1 | References: 4

OSV
added 2022/12/21 6:30 a.m. | 3 views

GHSA-4W2J-2RG4-5MJW vm2 vulnerable to Arbitrary Code Execution

The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

CVSS 9.8 | AI score 7.2 | EPSS 0.01425
Exploits: 1 | References: 6