CVE-2026-44008

A flaw was found in vm2 before 3.11.2. The neutralizeArraySpeciesBatch method can invoke host-side getters on array prototypes, exposing host objects and the host Function into the sandbox for escape and arbitrary command execution. Fixed in 3.11.2. Mitigation Upgrade to vm2 3.11.2 or later...

Improper Control of Dynamically-Managed Code Resources

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the localPromise constructor in lib/setup-sandbox.js. An attacker can obta...

PT-2026-45062

Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspace id/issues/issue id/activity endpoint is gated by require workspace memberworkspace id and dispatches to ActivityService.list for issueissue id, which executes SELECT FROM activity WHERE issue id = :issue id with no...

PT-2026-39191

Name of the Vulnerable Software and Affected Versions VM2 affected versions not specified Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. The issue occurs because the neutralizeArraySpeciesBatch function interacts with objects from an external...

Improper Isolation or Compartmentalization

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the globalPromise.prototype.then onFulfilled wrapper in the Promise bridge. An attacker can supply...

PT-2026-25668

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/ID/username/thumb AAxAA.jpg' translated as 80x90 and 40x45. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos o...

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

CVE-2026-27835

Issue summary. CVE-2026-27835 affects wger (versions up to 2.4). The vulnerable components are RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet, whose get_queryset() returns all objects (using .all()) instead of filtering by the authenticated user, enabling an authenticated user to enumer...

EUVD-2023-3022

Malicious code in bioql PyPI...

CVE-2020-35934

The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object including all metadata upon login via the REST API aam/v1/authenticate or aam/v2/authenticate. This is a security problem if this object stores information that the user is not supposed to have e.g.,...

WordPress plugin WooCommerce Wishlist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

UBUNTU-CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

GHSA-3VX3-XF6Q-R5XP Exposure of Resource to Wrong Sphere in Apache Tomcat

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was...

CVE-2022-26665

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...

CVE-2019-5687

NVIDIA Windows GPU Display Driver all versions contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor...

CVE-2003-0935

Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed...