firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component...

CVE-2025-11165

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

UBUNTU-CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

CVE-2026-27597

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1...

CVE-2026-27597 @enclave-vm/core is vulnerable to Sandbox Escape

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1...

CVE-2026-27597 @enclave-vm/core is vulnerable to Sandbox Escape

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1...

CVE-2026-27597 @enclave-vm/core is vulnerable to Sandbox Escape

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundraries set by @enclave-vm/core, which can be used to achieve remote code execution RCE. The issue has been fixed in version 2.11.1...

CVE-2026-27597

Summary: CVE-2026-27597 affects Enclave’s secure JavaScript sandbox with a vulnerability in the @enclave-vm/core boundaries prior to 2.11.1, allowing an attacker to escape the sandbox and achieve remote code execution. The issue is mitigated by upgrading to version 2.11.1, where the boundary esca...

CVE-2026-21443

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the xl translation function returns unescaped strings. While wrapper functions exist for escaping in different contexts xlt for HTML, xla for attributes, xlj for...

EUVD-2026-8578

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the xl translation function returns unescaped strings. While wrapper functions exist for escaping in different contexts xlt for HTML, xla for attributes, xlj for...

SUSE CVE-2026-2760

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

SUSE CVE-2026-2761

Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

SUSE CVE-2026-2776

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

SUSE CVE-2026-2778

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained security vulnerabilities. These vulnerabilities stemmed from insufficient sandbox restrictions on certain built-in Python objects in the Python Code node. This...

Linux Distros Unpatched Vulnerability : CVE-2026-2776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR...

Linux Distros Unpatched Vulnerability : CVE-2026-2760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firef...

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability stemmed from defects in the JavaScript Task Runner sandbox, which could allow authenticated users with...

ALSA-2026:3338 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firef...

PT-2026-22029

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 Description An authenticated user with permission to create or modify workflows could exploit the Python Code node to escape the sandbox. The sandbox did n...