Docker Model Runner 安全漏洞

Docker Model Runner is an open-source Docker model runner developed by Docker. Docker Model Runner vllm-metal contains a security vulnerability. This vulnerability arises from setting trustremotecode=True without any sandbox protection. It may allow arbitrary Python files to be executed during...

GHSA-XJ4F-8JJG-VX4Q OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange

Impact The ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and noSecureUberspector, leaving the default...

CVE-2026-32046 OpenClaw < 2026.2.21 - OS-level Sandbox Bypass via --no-sandbox Flag

OpenClaw versions prior to 2026.2.21 contain an improper sandbox configuration vulnerability that allows attackers to execute arbitrary code by exploiting renderer-side vulnerabilities without requiring a sandbox escape. Attackers can leverage the disabled OS-level sandbox protections in the...

Incorrect Permission Assignment for Critical Resource

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the browser container launching Chromium with the --no-sandbox flag enabled by default, which disables OS-level sandbox...

GHSA-43X4-G22P-3HRQ OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container

Summary Sandbox browser container launched Chromium with --no-sandbox by default, disabling Chromium's OS-level sandbox protections. Affected Packages / Versions - Package: openclaw npm ecosystem - Latest published npm version at triage time 2026-02-21: 2026.2.19-2 - Affected range: = 2026.2.19-2...

CVE-2023-45592

A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser due to the binary being executed with the “--no-sandbox” option and with root privileges exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bund...

CVE-2023-45592

A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser due to the binary being executed with the “--no-sandbox” option and with root privileges exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bund...

PT-2024-13256 · Google · Chromium-Browser

Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser exacerbates the impacts of successful attacks executed against the browser. This...

CVE-2022-40182

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

多款Siemens产品安全漏洞

Siemens Desigo PX is a building automation control system from Siemens, Germany. A security vulnerability exists in a number of Siemens products that stems from the device's embedded Chromium-based browser being launched as root with the "--no-sandbox" option. An attacker could add arbitrary...

PuzzleMaker attacks with Chrome zero-day exploit chain

On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for...

Google Chrome SimplfiedLowering Integer Overflow Exploit

This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 64 bit. The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1...

Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 80 JSCreate side-effect type confusion exploit', 'Description' = %q This module exploits an issue in Google Chrome 80.0.3987.87 64...

Google Chrome 72 / 73 Array.map Corruption Exploit

This Metasploit module exploits an issue in Chrome version 73.0.3683.86 64 bit. The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to...

Google Chrome 80 JSCreate Side-Effect Type Confusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 80 JSCreate side-effect type confusion exploit', 'Description' = %q This module exploits an issue in Google Chrome 80.0.3987.87 64...

Google Chrome 80 JSCreate side-effect type confusion exploit

This module exploits an issue in Google Chrome 80.0.3987.87 64 bit. The exploit corrupts the length of a float array floatrel, which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array uint64aarw which is used for...

Google Chrome 72 and 73 Array.map exploit

This module exploits an issue in Chrome 73.0.3683.86 64 bit. The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region of RW...