CVE-2025-13523 Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

CLSA-2026-1770392948 glib2: Fix of CVE-2025-13601

CVE-2025-13601: Fix heap-based buffer overflow by correcting buffer size calculation in gescapeuristring function...

CLSA-2026-1770391959 glib2: Fix of CVE-2025-13601

CVE-2025-13601: Fix heap-based buffer overflow by correcting buffer size calculation in gescapeuristring function...

CVE-2026-25499

Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been...

CVE-2026-24843

melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.29 contained a security vulnerability. This vulnerability stemmed from the execution of validation keys that did not match the keys used to access properties, which could lead to sandbox escape...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv’s individual developer. Versions of SandboxJS prior to 0.8.29 contained security vulnerabilities; these vulnerabilities stemmed from unboxed function return values, which could allow arbitrary code to be executed outside of the sandbox...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.29 contained a security vulnerability that could lead to sandbox escape by overriding Map.prototype.has...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005273 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, uncontrolled long string inputs to ldapescapefunction on 32-bit systems can cause an...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv’s individual developer. Versions of SandboxJS prior to 0.8.29 contained a security vulnerability. This vulnerability stemmed from the use of hasOwnProperty to mask objects in the sandbox, allowing sandbox escape and disabling the prototy...

GHSA-7X3H-RM86-3342 @nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses

Summary A sandbox escape vulnerabilities due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Details Even though the key used in property accesses b in the code below is annotated as string, this is never enforced:...

@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses

Summary A sandbox escape vulnerabilities due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Details Even though the key used in property accesses b in the code below is annotated as string, this is never enforced:...

@nyariv/sandboxjs has a Sandbox Escape vulnerability

Summary As Map is in SAFEPROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. Details This is effectively equivalent to CVE-2026-25142, but without lookupGetter let was used during testing, it turns out the let implementation is...

GHSA-66H4-QJ4X-38XP @nyariv/sandboxjs has a Sandbox Escape vulnerability

Summary As Map is in SAFEPROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. Details This is effectively equivalent to CVE-2026-25142, but without lookupGetter let was used during testing, it turns out the let implementation is...

GHSA-JJPW-65FV-8G48 @nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution

Summary A sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to proto and other blocked prototype properties, enabling host Object.prototype pollution and persistent...

@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution

Summary A sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to proto and other blocked prototype properties, enabling host Object.prototype pollution and persistent...

@nyariv/sandboxjs has a Sandbox Escape issue

Summary The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox...

GHSA-58JH-XV4V-PCX4 @nyariv/sandboxjs has a Sandbox Escape issue

Summary The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox...

CVE-2026-25115

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...

Infinite loop

Overview @enclave-vm/core is a Sandbox runtime for secure JavaScript code execution Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that explo...