Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded 2026/05/04 4:28 p.m.13 views

CVE-2026-24118

VM2 (Node.js VM/Sandbox) prior to version 3.11.0 contains a sandbox breakout vulnerability that allows attackers to escape the VM2 sandbox and run arbitrary commands on the host. Impact is described as high for confidentiality, integrity, and availability. The issue has been fixed in version 3.11...

9.8CVSS6.1AI score0.00162EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/04 4:28 p.m.5 views

CVE-2026-24118 VM2 Sandbox Breakout Through __lookupGetter__

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...

9.8CVSS6.1AI score0.00162EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/02/04 3:15 a.m.1 views

CVE-2026-25142

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict lookupGetter which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27...

10CVSS6AI score0.00258EPSS
Exploits1References1
NVD
NVDadded 2026/02/02 11:16 p.m.1 views

CVE-2026-25142

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict lookupGetter which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27...

10CVSS0.00258EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/02/02 12:0 a.m.3 views

PT-2026-5727

Name of the Vulnerable Software and Affected Versions SandboxJS versions prior to 0.8.27 Description SandboxJS is a JavaScript sandboxing library with an issue where the lookupGetter function is not properly restricted. This can allow obtaining prototypes, potentially leading to sandbox escape an...

10CVSS5.9AI score0.00258EPSS
Exploits1References11
CNNVD
CNNVDadded 2026/02/02 12:0 a.m.1 views

SandboxJS 代码注入漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.27 contained a code injection vulnerability. This vulnerability stemmed from improper restrictions on lookupGetter, which could lead to sandbox escape or remote code execution...

10CVSS6.1AI score0.00258EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/02/02 12:0 a.m.2 views

PT-2026-6406

Summary SandboxJS does not properly restrict lookupGetter which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. Details https://github.com/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8d41072/src/executor.tsL368-L398 The Object...

10CVSS5.9AI score0.00258EPSS
Exploits1References6
SUSE CVE
SUSE CVEadded 2023/02/15 5:57 a.m.2 views

SUSE CVE-2010-3183

The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.lookupGetter function calls that lack arguments, which allows remote attackers to...

9.3CVSS9.2AI score0.06976EPSS
Exploits1References7
Rows per page
Query Builder