5 matches found

RedhatCVE
added 2026/06/05 7:25 p.m. · 9 views

CVE-2026-44002

A flaw was found in vm2 before 3.11.0. The CallSite wrapper blocks getThis and getFunction but returns unsanitized host absolute paths from getFileName, allowing sandboxed code to learn host directory layout, library paths, and framework versions. Fixed in 3.11.0...

CVSS 5.8 · AI score 5.8 · EPSS 0.00241
Exploits: 1 · References: 4

CNNVD
added 2026/05/13 12:0 a.m. · 10 views

vm2 security vulnerability

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using built-in Node.js modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from the CallSite wrapper class allowing...

CVSS 5.8 · AI score 5.9 · EPSS 0.00241
Exploits: 1 · References: 1

Positive Technologies
added 2026/05/07 12:0 a.m. · 24 views

PT-2026-38393

Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.11.0 Description: The CallSite wrapper class, designed as a safe wrapper for V8's native CallSite, fails to sanitize the output of the getFileName function. While the class blocks getThis and getFunction to prevent host...

CVSS 5.8 · AI score 5.9 · EPSS 0.00241
Exploits: 1 · References: 7

OSV
added 2024/11/20 9:15 p.m. · 4 views

CVE-2024-52677

HkCms = v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php...

CVSS 9.8 · AI score 5.8 · EPSS 0.00618
Exploits: 0 · References: 3

Positive Technologies
added 2024/11/20 12:0 a.m. · 13 views

PT-2024-35410 · Hkcms · Hkcms

Name of the Vulnerable Software and Affected Versions: HkCms versions prior to 2.3.2.240702 Description: The issue concerns a file upload vulnerability in the getFileName method located in /app/common/library/Upload.php. Recommendations: For versions prior to 2.3.2.240702, consider disabling the...

CVSS 9.8 · AI score 6.9 · EPSS 0.00618
Exploits: 0 · References: 6