CVE-2025-12695 Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...

nest 命令注入漏洞

nest is a Node.js framework open-sourced by nestjs for building efficient, scalable and enterprise-class server-side applications using TypeScript/JavaScript. A command injection vulnerability exists in nest 0.2.0 and earlier versions, which stems from the presence of an insecure JavaScript sandb...

GHSA-WG6P-JMPC-XJMR Backstage Scaffolder plugin has insecure sandbox

The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugi...