17974 matches found
CVE-2026-55668
The CVE affects File Browser’s ScopedFs component prior to version 2.63.16. An authenticated user with Create and Modify permissions can trigger ScopedFs to validate the nearest existing ancestor of a dangling symlink and then follow the symlink during file creation, allowing attacker‑controlled ...
CVE-2026-59194
A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by providing a specially crafted patch entry. This crafted entry could resolve outside the configured patches directory, allowing for the deletion of an arbitrary file when pnpm patch-remove is execute...
CVE-2026-55437
CVE-2026-55437 affects Coder: prior to 2.29.17, 2.32.7, 2.33.8, and 2.34.2, AgentLogLine uses ansi-to-html without escapeXML: true and injects via dangerouslySetInnerHTML, enabling stored HTML injection in workspace agent logs. Exploitation requires a user with workspace-owner access to view atta...
EUVD-2026-42150
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...
PT-2026-56556
Name of the Vulnerable Software and Affected Versions Nomad Community Edition versions prior to 2.0.4 Nomad Enterprise versions prior to 2.0.4 Nomad Enterprise versions prior to 1.11.8 Nomad Enterprise versions prior to 1.10.14 Description A sandbox escape exists in the Docker task driver. This...
PT-2026-56604
Name of the Vulnerable Software and Affected Versions OpenJDK packages provided in Ubuntu affected versions not specified Description A sandbox escape issue exists where .jar MIME handlers execute files marked as executable if the mailcap package is installed. A malicious sandboxed application wi...
PT-2026-56549
Name of the Vulnerable Software and Affected Versions Composer versions prior to 2.2.29 Composer versions prior to 2.10.2 Description A flaw in the binary installation flow allows a package bin entry containing .. path segments to resolve outside the package installation directory. This can lead ...
PT-2026-56638
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A race condition in the GetUserMedia function allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is triggered via a...
PT-2026-56632
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.115 Description A use after free issue exists in the Autofill component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. ...
PT-2026-56639
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in the Core component on Windows allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is...
PT-2026-56641
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description Insufficient validation of untrusted input in Codecs allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. ...
GO-2026-4970 Root escape via symlink plus trailing slash in os
On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...
CVE-2026-46672
The CVE-2026-46672 entry describes a local CSV formula-injection flaw in the @actual-app/cli before version 26.6.0. The CLI uses a hand-rolled CSV serializer in packages/cli/src/output.ts with an escapeCsv that only neutralizes RFC 4180 delimiters (comma, quote, newline) and does not neutralize c...
CVE-2026-46672 Actual: CSV Formula Injection in `@actual-app/cli` `--format csv` Output via Custom `escapeCsv` Helper
Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not...
CVE-2026-46672 Actual: CSV Formula Injection in `@actual-app/cli` `--format csv` Output via Custom `escapeCsv` Helper
Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not...
kernel: Arm Processors: Privilege escalation or information disclosure via writes to higher exception level resources
A flaw was found in the Linux kernel on ARM processors. A race condition in Translation Lookaside Buffer Invalidation TLBI operations during memory permission changes allows a local attacker to write to memory resources owned by higher privilege levels. This could allow an unprivileged local...
PYSEC-2026-1471 Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends o...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Networking component...