Kernel-Dojo-Labs

Kernel-Dojo Lab An interactive practice environment for the...

ISPB

🛡️ AI-powered Security Scanner Platform A next-generation...

Astra Linux - уязвимость в dojo

All versions of the dojo package are vulnerable to Prototype Pollution through the setObject function...

Security Bulletin: IBM Storage Protect Operations Center is affected by vulnerabilities in the dojo-profile library that could allow prototype pollution or improper handling of crafted PNG inputs (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273).

Summary IBM Storage Protect Operations Center uses the dojo-profile library in certain components. Vulnerabilities in this library may allow prototype pollution or improper handling of specially crafted PNG files, which could lead to memory corruption or denial-of-service conditions in applicatio...

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2026-4800 via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2026-4800 Source advisory: OSV:GHSA-R5FR-RJXR-66JC...

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2025-13465 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JS-LODASHAMD-15869622...

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2021-23337 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2021-23337, CVE-2026-4800 Source advisory: SNYK:JS-LODASHAMD-15869626...

Bypassing AI Control Protocols Via Agent-As-A-Proxy Attacks

As AI agents automate critical workloads, they remain vulnerable to indirect prompt injection IPI attacks. Current defenses rely on monitoring protocols that jointly evaluate an agent's Chain-of-Thought CoT and tool-use actions to ensure alignment with user intent. We demonstrate that these...

CVE-2026-25117

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

CVE-2026-25117

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

CVE-2026-25117

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

CVE-2026-25117

CVE-2026-25117 concerns pwn.college DOJO, an education platform. Before commit e33da14449a5abcff507e554f66e2141d6683b0a, sandboxing was missing on routes starting with /workspace/*, allowing a challenge author to inject arbitrary JavaScript that runs in the same origin as the DOJO site. This cons...

EUVD-2026-4941

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

DOJO Cross-Site Scripting Vulnerabilities

DOJO is a JavaScript toolkit open source by pwn.college. pwn.college’s DOJO has a cross-site scripting vulnerability; this vulnerability stems from the lack of sandbox isolation, which may lead to sandbox escape and arbitrary JavaScript execution...

Exploit for CVE-2025-62376

Improper Authentication in pwn.college DOJO Education Platform...

Exploit for CVE-2025-62376

CVE-2025-62376: Local Privilege Escalation Exploit for Sudo...

CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...