105 matches found
RHEL 9 : firefox (RHSA-2026:22324)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22324 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
CVE-2026-6224
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...
CVE-2026-11306
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...
CVE-2026-11000
Use after free in Fonts in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-9897
Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-9368
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function executecode of the file tools/codeexecutiontool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the attack remotely. The...
CVE-2026-9368
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function executecode of the file tools/codeexecutiontool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the attack remotely. The...
CVE-2026-9368 NousResearch hermes-agent Environment Variable code_execution_tool.py execute_code sandbox
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function executecode of the file tools/codeexecutiontool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the attack remotely. The...
EUVD-2026-31582
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function executecode of the file tools/codeexecutiontool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the attack remotely. The...
PT-2026-42928
Name of the Vulnerable Software and Affected Versions hermes-agent versions prior to 2026.4.17 Description A remote attack can be launched against the Environment Variable Handler component. The issue resides in the execute code function within the tools/code execution tool.py file, where...
CVE-2026-7358
Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
GHSA-H57C-V2V3-5V3V verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()
A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
EUVD-2026-25146
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
CVE-2026-6878
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
CVE-2026-6878
Technical details are not publicly available in the provided documents for CVE-2026-6878. Monitor for updates as new information may be added.
CVE-2026-6878 ByteDance verl grader.py math_equal sandbox
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
CVE-2026-6878
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
PT-2026-34591
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math equal of the file prime math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
GitLab CE/EE 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.11.1 contained a security...
CVE-2026-6117
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function installpluginupload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed...