252572 matches found

GitHub Security Blog
added 2026/05/05 4:33 p.m. | 10 views

VM2 Has a Sandbox Escape Issue via SuppressedError

In vm2 v3.10.4 on Node.js v24.13.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. PoC js const VM = require"vm2"; const vm = new VM; vm.run const ds = new DisposableStack; ds.defer = throw null; ; ds.defer = const e = Error; e.name = Symbol; e.stack; ; try...

CVSS 10 | AI score 5.9 | EPSS 0.00576
Exploits 1 | References 9 | Affected Software 1

EUVD
added 2026/05/05 4:33 p.m. | 8 views

EUVD-2026-26993

VM2 Has a Sandbox Escape Issue via SuppressedError...

CVSS 9.8 | AI score 5.8 | EPSS 0.00576
Exploits 1 | References 8

OSV
added 2026/05/05 4:33 p.m. | 5 views

GHSA-55HX-C926-FR95 VM2 Has a Sandbox Escape Issue via SuppressedError

In vm2 v3.10.4 on Node.js v24.13.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. PoC js const VM = require"vm2"; const vm = new VM; vm.run const ds = new DisposableStack; ds.defer = throw null; ; ds.defer = const e = Error; e.name = Symbol; e.stack; ; try...

CVSS 9.8 | AI score 5.9 | EPSS 0.00576
Exploits 1 | References 9

EUVD
added 2026/05/05 4:33 p.m. | 9 views

EUVD-2026-26987

VM2 Has Sandbox Breakout Through Inspect Function...

CVSS 9.8 | AI score 5.8 | EPSS 0.00984
Exploits 1 | References 6

OSV
added 2026/05/05 3:33 p.m. | 5 views

MAL-2026-3345 Malicious code in deployment-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a1345a90cd18e2bfa245f91057cca34707e7d325f4318263176d9fbcef25c1a The package deployment-core was found to contain malicious code. Source: ghsa-malware eca5b6ddf4f0df1086d272518f3383c140b5641ecf506100d93a352e2135441...

AI score 5.8
Exploits 0 | References 1

OSV
added 2026/05/05 3:27 p.m. | 3 views

MAL-2026-3343 Malicious code in @atlan/connectors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22a96e40cb459d89624b2ce0705942ad4d54d8279e780c66fe2d2fa3f727cef1 The package @atlan/connectors was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits 0 | References 1

vulnersOsv
added 2026/05/05 1:35 p.m. | 5 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-42439 via openclaw (>=2026.3.22 <=2026.4.1)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-42439 Source advisory: SNYK:JS-OPENCLAW-16420273...

CVSS 8.5 | AI score 5.4 | EPSS 0.00242
Exploits 0

IBM Security Bulletins
added 2026/05/05 12:43 p.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge-1.3.2.tgz, node-forge-1.3.3.tgz which is vulnerable to CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896

Summary: IBM Maximo Application Suite - Visual Inspection component uses node-forge-1.3.2.tgz, node-forge-1.3.3.tgz which is vulnerable to CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896. This bulletin contains information regarding the vulnerability and its remediation...

CVSS 9.1 | AI score 6.6 | EPSS 0.00365
Exploits 2 | Affected Software 1

OSSF Malicious Packages
added 2026/05/05 11:51 a.m. | 7 views

Malicious code in trevlo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3414c71889d8ebf7ad09c9b0bf9ab63f8f6589e1e030e35e40a971b767f51ad1 The package trevlo was found to contain malicious code. Source: ghsa-malware 01d7778a4b391062b3f0b2200861fde5a0b4c750eb4ebab90d36940142ae9293 Any...

AI score 5.8
Exploits 0 | References 1

OSV
added 2026/05/05 11:40 a.m. | 6 views

MAL-2026-3339 Malicious code in nf-ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5d1fc3aadbb204f6da1c0db37a6e1b540bdcc3964bd033d5657a067d7e246cc The package nf-ui-components was found to contain malicious code. Source: ghsa-malware 4ab8cac0b0cae1864121f4fd7223e6cb7bb0168d113ece4974f94aae4e2418...

AI score 5.8
Exploits 0 | References 1

Cvelist
added 2026/05/05 11:24 a.m. | 50 views

CVE-2026-42434 OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

CVSS 8.8 | EPSS 0.00347
Exploits 0 | References 3

ATTACKERKB
added 2026/05/05 11:24 a.m. | 3 views

CVE-2026-42434

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

CVSS 8.8 | AI score 6 | EPSS 0.00347
Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/05/05 7:45 a.m. | 16 views

CVE-2026-43870

Apache Thrift (before 0.23.0) contains multiple issues: Origin Validation Error, Path Traversal (improper limitation of a pathname to a restricted directory), HTTP header CRLF-related splitting, and uncontrolled resource consumption. Upgrade to 0.23.0 to fix. Exploitation status is not provided i...

CVSS 7.3 | AI score 5.8 | EPSS 0.00394
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/05/05 7:45 a.m. | 39 views

CVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

EPSS 0.00394
Exploits 0 | References 1

Wolfi
added 2026/05/05 1:58 a.m. | 14 views

GHSA-X6WF-F3PX-WCQX vulnerabilities

Vulnerabilities for packages: sqlpad, npm, saf...

AI score 5.8
Exploits 0

Wolfi
added 2026/05/05 1:58 a.m. | 16 views

GHSA-F6WW-3GGP-FR8H vulnerabilities

Vulnerabilities for packages: sqlpad, npm, saf...

AI score 5.8
Exploits 0

Wolfi
added 2026/05/05 1:58 a.m. | 13 views

CVE-2026-41673 vulnerabilities

Vulnerabilities for packages: sqlpad, npm, saf...

CVSS 8.7 | AI score 5.8 | EPSS 0.00557
Exploits 0

Wolfi
added 2026/05/05 1:58 a.m. | 15 views

CVE-2026-41674 vulnerabilities

Vulnerabilities for packages: sqlpad, npm, saf...

CVSS 8.7 | AI score 5.8 | EPSS 0.00392
Exploits 0

Wolfi
added 2026/05/05 1:58 a.m. | 16 views

CVE-2026-41672 vulnerabilities

Vulnerabilities for packages: sqlpad, npm, saf...

CVSS 8.7 | AI score 5.8 | EPSS 0.0034
Exploits 0

Wolfi
added 2026/05/05 1:58 a.m. | 15 views

GHSA-2V35-W6HQ-6MFW vulnerabilities

Vulnerabilities for packages: sqlpad, npm, saf...

AI score 5.8
Exploits 0