251691 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m. | 3 views

RHCOS 3 : OpenShift Container Platform 3.11.542 (RHSA-2021:3915)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3915 advisory. - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557) Note that Nessus has not tested for this issue but has instead...

CVSS 5.5 | AI score 5.8 | EPSS 0.00111
Exploits: 0 | References: 10

Github Security Blog
added 2026/05/05 9:15 p.m. | 7 views

@evomap/evolver's validator sandbox allowlist permits `npm`/`npx`, yielding RCE from Hub-delivered validation tasks via lifecycle scripts

Summary: The validator-mode sandbox executor src/gep/validator/sandboxExecutor.js places npm and npx in its hard executable allowlist. Because npm install and npx -y -p execute arbitrary code by design (preinstall/install/postinstall lifecycle scripts and remote-package bin entries), and because...

AI score 6.7
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/05/05 9:15 p.m. | 0 views

GHSA-JXH8-JH77-XH6G @evomap/evolver's validator sandbox allowlist permits `npm`/`npx`, yielding RCE from Hub-delivered validation tasks via lifecycle scripts

Summary: The validator-mode sandbox executor src/gep/validator/sandboxExecutor.js places npm and npx in its hard executable allowlist. Because npm install and npx -y -p execute arbitrary code by design (preinstall/install/postinstall lifecycle scripts and remote-package bin entries), and because...

CVSS 8.1 | AI score 6.7
Exploits: 0 | References: 2

EUVD
added 2026/05/05 8:49 p.m. | 3 views

EUVD-2026-27133

Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback...

CVSS 6.5 | AI score 5.8 | EPSS 0.00038
Exploits: 1 | References: 3

Github Security Blog
added 2026/05/05 8:49 p.m. | 6 views

Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Summary: An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...

CVSS 6.5 | AI score 5.7 | EPSS 0.00038
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/05/05 8:49 p.m. | 4 views

GHSA-7JRR-XW9C-MJ39 Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Summary: An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...

CVSS 6.5 | AI score 5.7 | EPSS 0.00038
Exploits: 1 | References: 4

RedhatCVE
added 2026/05/05 8:21 p.m. | 6 views

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

CVSS 8.8 | AI score 5.7 | EPSS 0.00063
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/05 8:21 p.m. | 6 views

CVE-2026-42223

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag...

CVSS 6.5 | AI score 5.7 | EPSS 0.00042
Exploits: 1 | References: 1

OSSF Malicious Packages
added 2026/05/05 7:10 p.m. | 5 views

Malicious code in @rivianlabs/bedrock (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d12061e491ebc9109496b77ffd62384bba9a781ac9f0579343a61c5742df351 The package @rivianlabs/bedrock was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

Patchstack
added 2026/05/05 6:44 p.m. | 4 views

NPM: OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes

NPM: OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...

AI score 5.8
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2026/05/05 6:43 p.m. | 3 views

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...

AI score 6.3
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2026/05/05 5:15 p.m. | 5 views

nuts-node has JWT type confusion in v1 access token introspection that allows VP replay as access token

Summary: The v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims. This allows a Verifiable Presentation (VP) JWT to be replayed as an access token and...

CVSS 4.4 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2026/05/05 4:44 p.m. | 3 views

VM2 Has a WASM Sandbox Escape (Node 25 only)

Summary: Full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. Details: Confirmed on: vm2 3.10.4, Node.js v25.6.1 x64 Linux. Trigger: Attacker-controlled code passed to VM.run. Requires: Node.js...

CVSS 9.8 | AI score 6.1 | EPSS 0.00129
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2026/05/05 4:44 p.m. | 5 views

NPM: VM2 Has a WASM Sandbox Escape (Node 25 only)

NPM: VM2 Has a WASM Sandbox Escape (Node 25 only) vulnerability discovered by ? in WordPress Npm vm2 versions 3.10.4...

CVSS 9.8 | AI score 6 | EPSS 0.00129
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/05/05 4:44 p.m. | 4 views

GHSA-FFH4-J6H5-PG66 VM2 Has a WASM Sandbox Escape (Node 25 only)

Summary: Full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. Details: Confirmed on: vm2 3.10.4, Node.js v25.6.1 x64 Linux. Trigger: Attacker-controlled code passed to VM.run. Requires: Node.js...

CVSS 9.8 | AI score 6.1 | EPSS 0.00129
Exploits: 1 | References: 4

OSV
added 2026/05/05 4:33 p.m. | 2 views

GHSA-55HX-C926-FR95 VM2 Has a Sandbox Escape Issue via SuppressedError

In vm2 v3.10.4 on Node.js v24.13.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. PoC js const VM = require"vm2"; const vm = new VM; vm.run const ds = new DisposableStack; ds.defer = throw null; ; ds.defer = const e = Error; e.name = Symbol; e.stack; ; try...

CVSS 9.8 | AI score 5.9 | EPSS 0.00088
Exploits: 1 | References: 9

Github Security Blog
added 2026/05/05 4:33 p.m. | 5 views

VM2 Has a Sandbox Escape Issue via SuppressedError

In vm2 v3.10.4 on Node.js v24.13.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. PoC js const VM = require"vm2"; const vm = new VM; vm.run const ds = new DisposableStack; ds.defer = throw null; ; ds.defer = const e = Error; e.name = Symbol; e.stack; ; try...

CVSS 10 | AI score 5.9 | EPSS 0.00088
Exploits: 1 | References: 9 | Affected Software: 1

EUVD
added 2026/05/05 4:33 p.m. | 3 views

EUVD-2026-26993

VM2 Has a Sandbox Escape Issue via SuppressedError...

CVSS 9.8 | AI score 5.8 | EPSS 0.00088
Exploits: 1 | References: 8

EUVD
added 2026/05/05 4:33 p.m. | 4 views

EUVD-2026-26987

VM2 Has Sandbox Breakout Through Inspect Function...

CVSS 9.8 | AI score 5.8 | EPSS 0.00186
Exploits: 1 | References: 6

OSV
added 2026/05/05 3:33 p.m. | 1 views

MAL-2026-3345 Malicious code in deployment-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a1345a90cd18e2bfa245f91057cca34707e7d325f4318263176d9fbcef25c1a The package deployment-core was found to contain malicious code. Source: ghsa-malware eca5b6ddf4f0df1086d272518f3383c140b5641ecf506100d93a352e2135441...

AI score 5.8
Exploits: 0 | References: 1