Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/05/01 8:48 p.m.5 views

CVE-2026-39911

Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directl...

8.8CVSS6.3AI score0.00545EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 6:31 p.m.8 views

EUVD-2026-20993

Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directly to the Node.js Function...

8.8CVSS6.4AI score0.00545EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/09 5:57 p.m.3 views

CVE-2026-39911 Hashgraph Guardian 3.5.1 Unsandboxed JavaScript Execution RCE

Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directl...

8.8CVSS6.3AI score0.00545EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 5:57 p.m.22 views

CVE-2026-39911

Hashgraph Guardian up to version 3.5.0 exposes an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker. Authenticated Standard Registry users can pass user-supplied JavaScript expressions to the Node.js Function() constructor, enabling arbitrary code execution wi...

8.8CVSS6.3AI score0.00545EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31677

Name of the Vulnerable Software and Affected Versions Hashgraph Guardian versions through 3.5.0 Description Hashgraph Guardian through version 3.5.0 has an unsandboxed JavaScript execution issue in the Custom Logic policy block worker. Authenticated Standard Registry users can execute arbitrary...

8.8CVSS6.2AI score0.00545EPSS
Exploits0References6
Rows per page
Query Builder