Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

36204 matches found

Snyk
Snykadded 2026/05/04 6:27 p.m.6 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the resetPromiseSpecies function. An attacker can execute arbitrary commands on the host system by escaping from the...

10CVSS7.8AI score0.04929EPSS
Exploits5References2
Snyk
Snykadded 2026/05/04 6:27 p.m.2 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection via the SuppressedError. An attacker can execute arbitrary code outside the intended sandbox environment by...

10CVSS6.4AI score0.00088EPSS
Exploits1References2
Snyk
Snykadded 2026/05/04 5:28 p.m.6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the DSL search endpoint. An attacker can execute arbitrary code by placing malicious Gremlin traversal logic within grammar-allowed characters to access unintended data. Note: This is only exploitable if the...

8.1CVSS6.2AI score0.00028EPSS
Exploits0References2
Snyk
Snykadded 2026/05/04 4:29 p.m.6 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lookupGetter method and improper context isolation. An attacker can execute arbitrary commands o...

9.8CVSS6.3AI score0.00176EPSS
Exploits1References2
Snyk
Snykadded 2026/05/04 4:29 p.m.4 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lookupGetter method and improper context isolation. An attacker can execute arbitrary commands on the host syste...

9.8CVSS6.3AI score0.00176EPSS
Exploits1References2
NVD
NVDadded 2026/05/04 4:16 p.m.3 views

CVE-2026-40563

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

8.1CVSS0.00028EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletinsadded 2026/05/04 4:6 p.m.4 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-34197)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-34197 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-34197 DESCRIPTION: Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broke...

8.8CVSS7.9AI score0.83461EPSS
Exploits11Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/04 3:17 p.m.2 views

CVE-2026-40563

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

7.1CVSS5.8AI score0.00028EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/04 3:17 p.m.2 views

EUVD-2026-26979

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

7.1CVSS5.8AI score0.00028EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/05/04 2:25 p.m.3 views

Security Bulletin: Vulnerability in Apache Avro Java SDK affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Avro Java SDK has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7.3CVSS7.1AI score0.00057EPSS
Exploits0Affected Software2
NVD
NVDadded 2026/05/04 12:16 p.m.3 views

CVE-2026-3120

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS0.00068EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/04 11:53 a.m.1 views

EUVD-2026-26945

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS5.8AI score0.00068EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/04 11:53 a.m.26 views

CVE-2026-3120 RCE in Profelis Informatics' SambaBox

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS0.00068EPSS
Exploits0References1
CVE
CVEadded 2026/05/04 11:53 a.m.6 views

CVE-2026-3120

Affected product: SambaBox (Profelis Information and Consulting) – versions 5.1 up to 5.3 (exclusive). Issue: Improper control of code generation leading to OS command injection. This is a network-vector vulnerability with no user interaction, potentially enabling remote command execution; CVSSv3...

7.2CVSS5.8AI score0.00068EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/04 11:53 a.m.5 views

CVE-2026-3120

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS5.8AI score0.00068EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2026/05/04 12:0 a.m.6 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node.js built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability, which stemmed from a sandbox escape vulnerability. This...

9.8CVSS6.3AI score0.00176EPSS
Exploits1References1
CNNVD
CNNVDadded 2026/05/04 12:0 a.m.4 views

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained a code injection vulnerability. This vulnerability stems from workflows that include Python Code Nodes, allowing authenticated users to escape the sandbox and...

8.8CVSS6.2AI score0.00095EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/04 12:0 a.m.6 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability; this vulnerability stemmed from an sandbox escape exploit throug...

9.8CVSS6.3AI score0.00186EPSS
Exploits1References1
CNNVD
CNNVDadded 2026/05/04 12:0 a.m.7 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.10.5 had a code injection vulnerability. This vulnerability stems from insufficient fixes to CVE-2023-374...

9.8CVSS6.3AI score0.00129EPSS
Exploits1References1
CNNVD
CNNVDadded 2026/05/04 12:0 a.m.5 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability; this vulnerability stemmed from the SuppressedError feature, whi...

10CVSS6.3AI score0.00088EPSS
Exploits1References1
Rows per page
Query Builder