Lucene search
+L

549 matches found

OSV
OSV
added yesterday1 views

ROOT-APP-NPM-AIKIDO-2026-10842 AIKIDO-2026-10842 in @rootio/vm2 - Patched by Root

Root has patched AIKIDO-2026-10842 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

6.1AI score
Exploits0
OSV
OSV
added yesterday2 views

ROOT-APP-NPM-AIKIDO-2026-10846 AIKIDO-2026-10846 in @rootio/vm2 - Patched by Root

Root has patched AIKIDO-2026-10846 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

6.1AI score
Exploits0
OSV
OSV
added yesterday2 views

ROOT-APP-NPM-AIKIDO-2026-10840 AIKIDO-2026-10840 in @rootio/vm2 - Patched by Root

Root has patched AIKIDO-2026-10840 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

6.1AI score
Exploits0
OSV
OSV
added yesterday5 views

ROOT-APP-NPM-AIKIDO-2026-10190 AIKIDO-2026-10190 in @rootio/vm2 - Patched by Root

Root has patched AIKIDO-2026-10190 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

6.1AI score
Exploits0
OSV
OSV
added yesterday2 views

ROOT-APP-NPM-AIKIDO-2026-10716 AIKIDO-2026-10716 in @rootio/vm2 - Patched by Root

Root has patched AIKIDO-2026-10716 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

6.1AI score
Exploits0
OSV
OSV
added yesterday54 views

ROOT-APP-NPM-CVE-2026-44008 CVE-2026-44008 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-44008 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

9.8CVSS6AI score0.00851EPSS
Exploits1
OSV
OSV
added yesterday45 views

ROOT-APP-NPM-CVE-2026-44001 CVE-2026-44001 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-44001 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

8.6CVSS5.8AI score0.00448EPSS
Exploits1
OSV
OSV
added yesterday61 views

ROOT-APP-NPM-CVE-2026-44004 CVE-2026-44004 in @rootio/vm2 - Patched by Root

Root has patched CVE-2026-44004 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00424EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/25 10:59 p.m.9 views

CVE-2026-47208

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by writing malicious code. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and...

10CVSS6.3AI score0.0051EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/23 1:26 p.m.11 views

CVE-2026-47141

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnosticschannel, asynchooks, and perfhooks. These builtins, which are designed for...

8.6CVSS5.7AI score0.00308EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/23 1:26 p.m.10 views

CVE-2026-47139

A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as httpclient and httpserver. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public...

8.6CVSS5.8AI score0.00282EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/23 1:26 p.m.9 views

CVE-2026-47135

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. An attacker within the sandbox could exploit incomplete symbol interception and missing security checks to gain control over the host system. This could allow the attacker to execute arbitrary code outside the sandbox...

8.7CVSS6AI score0.00266EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/22 1:54 p.m.9 views

CVE-2026-47210

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This sandbox escape vulnerability allows an attacker to execute arbitrary code in the host process. This occurs when untrusted code is executed with asynchronous async support on runtimes that expose WebAssembly...

9.8CVSS6.1AI score0.00507EPSS
Exploits0References6
NVD
NVD
added 2026/06/20 4:17 p.m.14 views

CVE-2024-58351

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relie...

9.8CVSS0.00648EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/16 6:39 a.m.8 views

CVE-2026-47137

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the require option can be...

10CVSS5.8AI score0.00382EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/16 6:39 a.m.10 views

CVE-2026-47131

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js's ERRINVALIDARGTYPE error. This allows the attacker to obtain the host's TypeError constructor, leading to an...

10CVSS5.4AI score0.004EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-47135

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox...

8.7CVSS0.00266EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-47209

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

8.6CVSS0.00287EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 3:16 p.m.15 views

CVE-2026-47137

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...

10CVSS0.00382EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 3:16 p.m.14 views

CVE-2026-47208

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS0.0051EPSS
Exploits0References3
Rows per page
Query Builder