Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

197214 matches found

Snyk
Snykadded 2026/05/04 6:27 p.m.6 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the resetPromiseSpecies function. An attacker can execute arbitrary commands on the host system by escaping from the...

10CVSS7.8AI score0.04929EPSS
Exploits5References2
Snyk
Snykadded 2026/05/04 6:27 p.m.6 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the vm2.run function. An attacker can execute arbitrary commands on the host system by escaping the sandbox...

9.8CVSS6.3AI score0.00129EPSS
Exploits1References2
Snyk
Snykadded 2026/05/04 6:27 p.m.7 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection via the SuppressedError. An attacker can execute arbitrary code outside the intended sandbox environment by leveraging this...

10CVSS6.4AI score0.00088EPSS
Exploits1References2
Snyk
Snykadded 2026/05/04 6:27 p.m.3 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection via the SuppressedError. An attacker can execute arbitrary code outside the intended sandbox environment by...

10CVSS6.4AI score0.00088EPSS
Exploits1References2
Snyk
Snykadded 2026/05/04 6:27 p.m.5 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the vm2.run function. An attacker can execute arbitrary commands on the host system by escaping the...

9.8CVSS6.3AI score0.00129EPSS
Exploits1References2
Snyk
Snykadded 2026/05/04 6:26 p.m.6 views

Eval Injection

Overview pptagent is an An Agentic Framework for Reflective PowerPoint Generation Affected versions of this package are vulnerable to Eval Injection via the eval function when processing code generated by large language models with built-in functions available in the execution scope. An attacker...

8.6CVSS6.2AI score0.00027EPSS
Exploits0References2
CVE
CVEadded 2026/05/04 6:5 p.m.11 views

CVE-2026-29004

BusyBox prior to commit 42202bf contains a heap buffer overflow in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler (networking/udhcp/d6_dhcpc.c). Attackers on the network-adjacent path can trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS op...

8.1CVSS6.5AI score0.00016EPSS
Exploits0References5
Snyk
Snykadded 2026/05/04 5:28 p.m.6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the DSL search endpoint. An attacker can execute arbitrary code by placing malicious Gremlin traversal logic within grammar-allowed characters to access unintended data. Note: This is only exploitable if the...

8.1CVSS6.2AI score0.00028EPSS
Exploits0References2
NVD
NVDadded 2026/05/04 5:16 p.m.4 views

CVE-2026-42079

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS0.00027EPSS
Exploits0References2
NVD
NVDadded 2026/05/04 5:16 p.m.4 views

CVE-2026-26332

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0...

10CVSS0.00088EPSS
Exploits1References2
NVD
NVDadded 2026/05/04 5:16 p.m.4 views

CVE-2026-26956

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

9.8CVSS0.00129EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/05/04 5:8 p.m.1 views

CVE-2025-70067

A flaw was found in Assimp, an open-source asset import library, specifically within its FBX Importer. This buffer overflow vulnerability occurs when processing a specially crafted FBX file. An attacker could exploit this by providing a malicious FBX file, causing a property key string to be copi...

9.8CVSS6.2AI score0.00058EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/04 4:57 p.m.22 views

CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS0.00027EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/04 4:57 p.m.1 views

CVE-2026-42079

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS6.3AI score0.00027EPSS
Exploits0References3
CVE
CVEadded 2026/05/04 4:57 p.m.5 views

CVE-2026-42079

PPTAgent (the PPTAgent framework) is affected by CVE-2026-42079 due to an arbitrary code execution flaw: Python eval() executes LLM-generated code with builtins in scope. This vulnerability existed prior to commit 418491a and has been patched in that commit. The issue is triggered locally (attack...

8.6CVSS6.3AI score0.00027EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/04 4:57 p.m.3 views

CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS6.3AI score0.00027EPSS
Exploits0References2
RedHat Linux
RedHat Linuxadded 2026/05/04 4:55 p.m.6 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume th...

7.5CVSS5.9AI score0.00017EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/05/04 4:37 p.m.3 views

CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only)

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

9.8CVSS6AI score0.00129EPSS
Exploits1References2
CVE
CVEadded 2026/05/04 4:37 p.m.17 views

CVE-2026-26956

CVE-2026-26956 concerns the vm2 sandbox for Node.js. Affected: vm2 v3.10.4 allows full sandbox escape enabling arbitrary code execution when code runs inside VM.run(); attacker code can access the host process and execute host commands. Patch available in v3.10.5. Impact flags from CVSS indicate ...

9.8CVSS6AI score0.00129EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/05/04 4:35 p.m.23 views

CVE-2026-26332 vm2: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0...

9.8CVSS0.00088EPSS
Exploits1References2
Rows per page
Query Builder