Lucene search
K

873 matches found

OSV
OSV
added 2026/07/07 2:34 p.m.5 views

PYSEC-2026-1475 Jinja has a sandbox breakout through indirect reference to format method

An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on th...

7.8CVSS7.1AI score0.005EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 3:28 a.m.3 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 3:28 a.m.34 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 3:28 a.m.5 views

EUVD-2026-41998

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 3:28 a.m.18 views

CVE-2026-34158

Coolify (open-source self-hosted) prior to version 4.0.0-beta.469 is affected by a command-injection in the executeInDocker() helper. The function wraps user-controlled commands in single quotes, but fails to escape embedded single quotes, enabling an attacker who can edit application settings to...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 8:44 p.m.12 views

EUVD-2026-38009

Rancher vulnerable to command injection through unsanitized YAML parameter...

9.4CVSS5.8AI score0.01277EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 2:36 p.m.21 views

CVE-2026-27955

Summary: CVE-2026-27955 affects Coolify prior to 4.0.0-beta.464, where the executeInDocker() helper wraps commands in bash -c '{$command}' without escaping single quotes. User-controlled fields docker_compose_custom_build_command and docker_compose_custom_start_command are interpolated directly, ...

6.6CVSS5.9AI score0.00222EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Build breakout using malicious Containerfile and Git Smart HTTP server or GitHub release tar archive CVE-2026-44517 Note that Nessus relies on the presence of t...

6.1AI score
Exploits0References3
CVE
CVE
added 2026/06/26 4:23 p.m.18 views

CVE-2026-54636

CVE-2026-54636 concerns Dokku’s cron plugin, which prior to 0.38.7 used commands from app.json to manage system cron for the Dokku user. A cron entry containing shell metacharacters (e.g., >, ;) can escape the container and run commands on the host as the Dokku user, enabling OS command inject...

9.9CVSS5.9AI score0.00274EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 5:35 p.m.4 views

GHSA-JF6W-2MVX-633J justhtml: to_markdown() code-span blank-line breakout enables XSS

justhtml: tomarkdown code-span blank-line breakout enables XSS Summary In justhtml 0.9.0 through 1.21.0, tomarkdown renders text and text inside a link as an inline Markdown code span whose only protection is backtick-fence length. A blank line \n\n in that text terminates the inline span in any...

6.1CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.25 views

PT-2026-50742

Name of the Vulnerable Software and Affected Versions Podman versions prior to 5.7.1 Description Running a malicious container image where the WORKDIR path contains a symlink can allow an attacker to create a directory or modify ownership on the host filesystem. Modifying ownership is less likely...

5.3CVSS5.9AI score0.00317EPSS
Exploits1References7
NVD
NVD
added 2026/06/12 3:16 p.m.14 views

CVE-2026-47208

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS0.0051EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:16 p.m.40 views

CVE-2026-47208 vm2: Sandbox Breakout Using Promise Species

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS0.0051EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:16 p.m.10 views

CVE-2026-47208 vm2: Sandbox Breakout Using Promise Species

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS5.7AI score0.0051EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:16 p.m.21 views

CVE-2026-47208

Summary: CVE-2026-47208 affects vm2 prior to 3.11.4, enabling sandbox breakout and potential remote code execution. The root cause is in vm2’s sandbox implementation, where the localPromise constructor manipulates Promise.species and, via a crafted Promise subclass, can trigger a host-realm error...

10CVSS5.7AI score0.0051EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.10 views

CVE-2025-24284

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox...

5.4AI score0.00127EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 6:47 p.m.11 views

EUVD-2025-210114

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox...

8.8CVSS5.4AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.39 views

CVE-2026-41696 Spring Data MongoDB Bind Parameter Literal Quoting Breakout

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS0.00262EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/29 5:40 p.m.64 views

vm2 is Vulnerable to Sandbox Breakout Through Promise Species

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The localPromise constructor was changed to call this.thenundefined, eater to ensure a rejected promise i...

10CVSS6.5AI score0.0051EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/29 5:33 p.m.10 views

Improper Control of Dynamically-Managed Code Resources

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources through the lib/bridge.js apply trap and thisEnsureThis proto-walk. An attacker can obtain hos...

10CVSS6.1AI score0.004EPSS
Exploits0References2
Rows per page
Query Builder