CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-26081

Malicious code in bioql PyPI...

9CVSS6.8AI score0.01631EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 10:17 a.m.•3 views

CVE-2024-29021

Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery SSRF. This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the...

9CVSS7.4AI score0.01631EPSS

Exploits0References1

Packet Storm•added 2025/02/28 12:0 a.m.•247 views

Judge0 1.13.0 Code Execution

Judge0 version 1.13.0 suffers from a code execution vulnerability. ============================================================================================================================================= | Title : Judge0 v 1.13.0 PHP Code Injection Vulnerability | | Author : indoushka | |...

7.9AI score

Exploits0

RedhatCVE•added 2025/02/05 12:57 a.m.•4 views

CVE-2024-28189

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...

10CVSS7.5AI score0.65016EPSS

Exploits3References1

RedhatCVE•added 2025/02/05 12:56 a.m.•3 views

CVE-2024-28185

Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a...

10CVSS7.1AI score0.65016EPSS

Exploits3References1

Metasploit•added 2024/11/21 6:54 p.m.•698 views

Judge0 sandbox escape

Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. Module Options msf use exploit/linux/http/judge0sandboxescapecve202428189 msf...

9.3AI score

Exploits0

Packet Storm•added 2024/11/21 12:0 a.m.•408 views

Judge0 Sandbox Escape

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Judge0 sandbox escape', 'Description' = %q Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an...

10CVSS7.4AI score0.65016EPSS

Exploits3

0day.today•added 2024/11/21 12:0 a.m.•123 views

Judge0 Sandbox Escape Exploit

Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. This module requires Metasploit: https://metasploit.com/download Current source:...

10CVSS7.8AI score0.65016EPSS

Exploits3

The Hacker News•added 2024/04/29 9:58 a.m.•24 views

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and...

10CVSS8.7AI score0.65016EPSS

Exploits3

NVD•added 2024/04/18 3:15 p.m.•11 views

CVE-2024-28185

10CVSS9.8AI score0.65016EPSS

Exploits3References3

NVD•added 2024/04/18 3:15 p.m.•9 views

CVE-2024-29021

9CVSS9.2AI score0.01631EPSS

Exploits0References2

NVD•added 2024/04/18 3:15 p.m.•11 views

CVE-2024-28189

10CVSS9.7AI score0.57578EPSS

Exploits2References4

Vulnrichment•added 2024/04/18 2:43 p.m.•9 views

CVE-2024-29021 SSRF into Sandbox Escape through Unsafe Default Configuration

9CVSS7.4AI score0.01631EPSS

Exploits0References2

Cvelist•added 2024/04/18 2:43 p.m.•17 views

CVE-2024-29021 SSRF into Sandbox Escape through Unsafe Default Configuration

9CVSS9.3AI score0.01631EPSS

Exploits0References2

CVE•added 2024/04/18 2:43 p.m.•77 views

CVE-2024-29021

Jud ge0: The SSRF-based sandbox escape (CVE-2024-29021) arises from Judge0’s default sandbox configuration and its isolate_job.rb flow, enabling an attacker with API access to achieve unsandboxed code execution as root inside the host when using vulnerable defaults. Affected component: Judge0 ope...

9CVSS7.2AI score0.01631EPSS

Exploits0References2

OSV•added 2024/04/18 2:43 p.m.•1 views

CVE-2024-29021 SSRF into Sandbox Escape through Unsafe Default Configuration

9CVSS7.7AI score0.01631EPSS

Exploits0References4

Vulnrichment•added 2024/04/18 2:40 p.m.•16 views

CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link

10CVSS7.5AI score0.57578EPSS

Exploits2References4

OSV•added 2024/04/18 2:40 p.m.•24 views

CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link

10CVSS8.9AI score0.57578EPSS

Exploits2References6

CVE•added 2024/04/18 2:40 p.m.•86 views

CVE-2024-28189

Judge0 sandbox escape (CVE-2024-28189) arises when the sandbox writes run_script to its directory and an attacker uses a symbolic link to target files outside the sandbox. This allows chown to be executed on arbitrary outside-of-sandbox files, enabling a sandbox escape and potentially complete RC...

10CVSS9.6AI score0.57578EPSS

Exploits2References4

Cvelist•added 2024/04/18 2:40 p.m.•16 views

CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link

10CVSS9.9AI score0.57578EPSS

Exploits2References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by