CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: vim (UTSA-2026-021495)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021495 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2021-99615)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozilla Firefox, which can be exploited by attackers to use the CSP sandbox command, where loaded documents can escape the scripting restrictions of the sandbox by...

CVE-2016-7545

It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox...

Amazon Linux AMI : policycoreutils (ALAS-2016-765)

It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent bash, escaping the sandbox. C Tenable Network...