16818 matches found

Tenable Nessus
added 2026/04/01 12:0 a.m., 5 views

Google Chrome < 146.0.7680.177 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 146.0.7680.177. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop31 advisory. - Use after free in Compositing in Google Chrome prior to 146.0.7680.178...

9.6 CVSS, 6.6 AI score, 0.05036 EPSS
Exploits: 0, References: 43

Tenable Nessus
added 2026/04/01 12:0 a.m., 15 views

Amazon Linux 2023 : golist (ALAS2023-2026-1513)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1513 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...

7.5 CVSS, 7.5 AI score, 0.0052 EPSS
Exploits: 0, References: 8

Amazon
added 2026/04/01 12:0 a.m., 8 views

Medium: golist

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5 CVSS, 7.1 AI score, 0.0052 EPSS
Exploits: 0

Positive Technologies
added 2026/04/01 12:0 a.m., 4 views

PT-2026-35854

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.138. Description: An out of bounds read and write issue exists in Angle, which could allow a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Recommendations: Update ...

10 CVSS, 6.1 AI score, 0.00433 EPSS
Exploits: 0, References: 39

SUSE CVE
added 2026/03/31 11:27 p.m., 3 views

SUSE CVE-2026-28859

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox...

6.5 CVSS, 5.8 AI score, 0.00436 EPSS
Exploits: 0, References: 9

OSV
added 2026/03/31 11:5 p.m., 3 views

MGASA-2026-0077 Updated vim packages fix security vulnerability

Vim tabpanel modeline escape affects Vim 9.2.0272...

9.2 CVSS, 5.8 AI score, 0.00542 EPSS
Exploits: 0, References: 4

Mageia
added 2026/03/31 11:5 p.m., 7 views

Updated vim packages fix security vulnerability

Vim tabpanel modeline escape affects Vim 9.2.0272...

9.2 CVSS, 5.8 AI score, 0.00542 EPSS
Exploits: 0, References: 3

NVD
added 2026/03/31 10:16 p.m., 3 views

CVE-2026-34452

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

5.8 CVSS, 0.00138 EPSS
Exploits: 0, References: 3

CVE
added 2026/03/31 9:35 p.m., 13 views

CVE-2026-34451

CVE-2026-34451 — Claude SDK for TypeScript (Anthropic). The local filesystem memory tool in the Anthropic TypeScript SDK (server-side) from version 0.79.0 up to before 0.81.0 validates model-supplied paths via a string prefix check that omits a trailing path separator, allowing a crafted path to...

6.3 CVSS, 5.8 AI score, 0.00292 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/03/31 9:35 p.m., 22 views

CVE-2026-34451 Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did no...

6.3 CVSS, 0.00292 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/03/31 9:35 p.m., 3 views

CVE-2026-34451 Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did no...

6.3 CVSS, 5.8 AI score, 0.00292 EPSS
Exploits: 0, References: 3

OSV
added 2026/03/31 9:35 p.m., 3 views

CVE-2026-34451 Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did no...

6.3 CVSS, 5.8 AI score, 0.00292 EPSS
Exploits: 0, References: 5

ATTACKERKB
added 2026/03/31 9:32 p.m., 0 views

CVE-2026-34452

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

5.8 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2026/03/31 9:32 p.m., 2 views

CVE-2026-34452 Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

5.8 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/03/31 9:32 p.m., 20 views

CVE-2026-34452 Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

5.8 CVSS, 0.00138 EPSS
Exploits: 0, References: 3

CVE
added 2026/03/31 9:32 p.m., 9 views

CVE-2026-34452

CVE-2026-34452 (Claude SDK for Python) affects the async local filesystem memory tool in the Anthropic Python SDK. From versions 0.86.0 up to before 0.87.0, path validation incorrectly allowed union of model-supplied paths to be validated inside the sandbox but the unresolved path to be used for ...

5.8 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/03/31 9:32 p.m., 2 views

CVE-2026-34452 Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

5.8 CVSS, 5.8 AI score, 0.00138 EPSS
Exploits: 0, References: 5

NVD
added 2026/03/31 2:16 p.m., 7 views

CVE-2026-34156

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

9.9 CVSS, 0.36503 EPSS
Exploits: 7, References: 3

CVE
added 2026/03/31 1:33 p.m., 36 views

CVE-2026-34156

NocoBase exposes a sandbox escape in the Workflow Script Node: an attacker can traverse the sandbox through the host console object (console._stdout/console._stderr) prototype chain to reach the Function constructor, access process, require child_process, and achieve Remote Code Execution as root...

9.9 CVSS, 5.9 AI score, 0.36503 EPSS
Exploits: 7, References: 3, Affected Software: 1

Vulnrichment
added 2026/03/31 1:33 p.m., 2 views

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

9.9 CVSS, 5.9 AI score, 0.36503 EPSS
Exploits: 7, References: 3