1351 matches found
CVE-2026-42234
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...
CVE-2026-42088
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...
CVE-2026-44334
PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...
GHSA-8V3Q-9VMX-36VC DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
Summary DbGate's JSON script runner POST /runners/start allows remote code execution via code injection in the functionName parameter of JSON script assign commands. The functionName value is interpolated directly into dynamically generated JavaScript source code via string concatenation. The...
PT-2026-49158
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519671967 Crash type: Stack-buffer-overflow READ 1 Crash state: log4cxx::helpers::Transcoder::decode TranscoderFuzzer.cpp CentipedeRunnerMain...
GHSA-6VR3-7WCX-V5G5 browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler
Summary The HTTP handler /log in lib/server.js lines 491–515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details When browserstack-runner starts, it creates an...
browserstack-tape-runner (>=1.0.0 <=3.0.0), duplo (>=1.6.11 <=1.9.1) +4 more potentially affected by CVE-2026-49143 via browserstack-runner (>=0.2.1 <=0.9.4)
browserstack-runner NPM version =0.2.1, =1.0.0, =1.6.11, =0.1.4, =0.1.1, =2.0.2 - run-browserstack-tests =1.0.2 - yasmf-localization =0.0.2 Source cves: CVE-2026-49143 Source advisory: OSV:GHSA-6VR3-7WCX-V5G5...
browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler
Summary The HTTP handler /log in lib/server.js lines 491–515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details When browserstack-runner starts, it creates an...
EUVD-2026-34031
browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server...
browserstack-tape-runner (>=1.0.0 <=3.0.0), duplo (>=1.6.11 <=1.9.1) +4 more potentially affected by CVE-2026-49144 via browserstack-runner (>=0.2.1 <=0.9.4)
browserstack-runner NPM version =0.2.1, =1.0.0, =1.6.11, =0.1.4, =0.1.1, =2.0.2 - run-browserstack-tests =1.0.2 - yasmf-localization =0.0.2 Source cves: CVE-2026-49144 Source advisory: OSV:GHSA-8RPW-6CQH-2V9H...
GHSA-8RPW-6CQH-2V9H browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server
Summary The HTTP server in browserstack-runner serves files from the project directory via the default handler. This handler uses path.joinprocess.cwd, uri to resolve file paths but does not validate that the resulting path stays within the project root. Combined with the server binding on 0.0.0....
PT-2026-46088
Summary The HTTP server in browserstack-runner serves files from the project directory via the default handler. This handler uses path.joinprocess.cwd, uri to resolve file paths but does not validate that the resulting path stays within the project root. Combined with the server binding on 0.0.0....
CVE-2026-49143
BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContex...
CVE-2026-49144
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...
CVE-2026-49144 BrowserStack Runner 0.9.5 Path Traversal via _default HTTP Handler
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...
CVE-2026-49144 BrowserStack Runner 0.9.5 Path Traversal via _default HTTP Handler
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...
CVE-2026-49144
CVE-2026-49144 : BrowserStack Runner 0.9.5 contains a path traversal vulnerability in the _default HTTP handler (lib/server.js) that allows unauthenticated attackers on the network-adjacent interface to read arbitrary files outside the project root. The description notes an unauthenticated HTTP s...
CVE-2026-49144
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...
CVE-2026-49143
CVE-2026-49143 affects BrowserStack Runner up to version 0.9.5. The vulnerability is in the /_log HTTP handler, permitting unauthenticated, network-adjacent attackers to achieve remote code execution by sending crafted JSON bodies that are passed to vm.runInNewContext() with eval(); attackers can...
CVE-2026-49143 BrowserStack Runner 0.9.5 Unauthenticated RCE via /_log HTTP Handler
BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContex...