CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11950 matches found

CVE-2026-47140

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically process and inspector/promises. A...

10CVSS5.6AI score0.00883EPSS

Exploits0References6

NVD•added 5 days ago•10 views

CVE-2026-47140

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, workerthreads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach...

10CVSS0.00883EPSS

Exploits0References3

EUVD•added 5 days ago•6 views

EUVD-2026-36444

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes...

8.6CVSS5.2AI score0.00492EPSS

Exploits0References3

Positive Technologies•added 5 days ago•9 views

PT-2026-48843

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an...

6.7CVSS5.2AI score0.0016EPSS

Exploits0References4

Tenable Nessus•added 5 days ago•5 views

EulerOS Virtualization 2.13.1 : systemd (EulerOS-SA-2026-2390)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config...

6.7CVSS6AI score0.00142EPSS

Exploits0References4

Tenable Nessus•added 5 days ago•5 views

EulerOS Virtualization 2.13.0 : systemd (EulerOS-SA-2026-2419)

6.7CVSS5.9AI score0.00142EPSS

Exploits0References4

GithubExploit•added 6 days ago•43 views

Exploit for Use After Free in Linux Linux_Kernel

CVE-2026-23111 nftables LPE: exposure check and safe lab Def...

7.8CVSS5.9AI score0.00193EPSS

Exploits5

RedhatCVE•added 6 days ago•8 views

CVE-2026-49495

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00111EPSS

Exploits1References1

OSV•added 6 days ago•4 views

MAL-2026-5657 Malicious code in @iobeya/spa-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9a974281dcc6456d815e6cb8b755c3084c7ba2d4026264474e459681a9a25cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 6 days ago•5 views

Malicious code in ozonex-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5e40322806de6c1fc8ca77941438b3481f3f12059a9c34d13645c2a4b8a82c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score

Exploits0References1

OSSF Malicious Packages•added 6 days ago•7 views

Malicious code in 0x2ai-demo6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f4a43a40af9e707d98ed55406b0ff32dccaad352fccf5d1eaaca41b9959d924 On npm install, scripts/postinstall.cjs writes .mcp.json into the installer's working directory INITCWD wiring Claude Code to a packaged MCP server...

5.5AI score

Exploits0References1