16860 matches found
CVE-2026-25641
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is...
CVE-2026-25586
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties,...
Antrea has invalid enforcement order for network policy rules caused by integer overflow
Impact: Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large number of policies with various priority values. This results in potentially incorrect traffic enforcement. If a user creates ...
CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-25533
Enclave (enclave-vm) prior to version 2.10.1 contains multiple sandbox weaknesses: AST sanitization can be bypassed with dynamic property accesses; error object hardening does not cover vm module peculiarities; and function constructor access can be circumvented via host object references. The is...
CVE-2026-25520
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, the return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor; by using Array.prototype.at you can obtain the host's Function constructor, which can b...
CVE-2026-25587
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFEPROTOYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29...
CVE-2026-25586 SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties,...
CVE-2026-25586
SandboxJS (JavaScript sandboxing library) is affected by a sandbox-escape vulnerability prior to version 0.8.29. The flaw allows shadowing hasOwnProperty on a sandbox object, disabling prototype whitelist enforcement in the property-access path. This enables direct access to __proto__ and other block...
CVE-2026-25520 SandboxJS has a Sandbox Escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, the return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor; by using Array.prototype.at you can obtain the host's Function constructor, which can b...
CVE-2026-25520
CVE-2026-25520 affects SandboxJS (JavaScript sandboxing library) prior to version 0.8.29. The underlying issue is that function return values aren’t wrapped, allowing attackers to use Object.values/Object.entries and Array.prototype.at to retrieve the host’s Function constructor. With access to t...