25460 matches found
CVE-2026-21053
CVE-2026-21053 describes an inability to properly validate input in Samsung Email before 6.2.13.1, allowing local attackers to create arbitrary files inside the app sandbox. Affected product/version: Samsung Email prior to 6.2.13.1. Root cause: improper input validation in the application. Impact...
NestJS DevTools Integration - Remote Code Execution
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...
Jenkins Script Security Plugin <=1.49 - Sandbox Bypass
A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin versions 1.49 and earlier within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on th...
Mesop AI Sandbox <= 1.2.2 - Remote Code Execution
Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...
NocoBase - VM Sandbox Escape to Remote Code Execution
NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...
CVE-2026-54769
Langroid versions prior to 0.65.2 are affected by a critical Sandbox Escape leading to Remote Code Execution via incomplete mitigation in the TableChatAgent and VectorStore. The root cause is the use of eval() with an empty locals dict under full_eval=True, where builtins is not scrubbed from glo...
CVE-2026-13461
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...
EUVD-2026-42635
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...
CVE-2026-13461
CVE-2026-13461 affects PayRange 7.0.7. When combined with an SSL bypass vulnerability, JavaScript can be injected into a WebView, allowing the attacker to escape the WebView sandbox and perform dangerous actions on the user’s device. The provided documents do not include exploit code, affected pr...
firefox: thunderbird: Sandbox escape in the DOM: Workers component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Workers component...
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Networking component...
firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Sandbox escape in the DOM: Navigation component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Sandbox escape in the DOM: Navigation component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...