Lucene search
+L

25876 matches found

Nuclei
Nuclei
added 9 hours ago70 views

Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...

9.8CVSS6.7AI score0.05289EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago24 views

NocoBase - VM Sandbox Escape to Remote Code Execution

NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...

9.9CVSS5.8AI score0.36503EPSS
Exploits7References3
Nuclei
Nuclei
added 9 hours ago171 views

Jenkins Script Security Plugin <=1.49 - Sandbox Bypass

A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin versions 1.49 and earlier within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on th...

8.8CVSS7.1AI score0.98428EPSS
Exploits17References6
NVD
NVD
added 12 hours ago5 views

CVE-2026-62201

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS
Exploits0References2
CVE
CVE
added 14 hours ago8 views

CVE-2026-62237

CVE-2026-62237 affects Grav before 2.0.4. The vulnerability is a ReDoS in the regex_replace filter and function that are allowlisted in the Twig content sandbox. When Twig processing of page content is enabled (security.twig_content.process_enabled: true), an authenticated page editor can supply ...

6.5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-45083

Grav before 2.0.4 contains a regular expression denial of service ReDoS vulnerability in the regexreplace filter and function, which are allowlisted in the Twig content sandbox. When Twig processing in page content is enabled security.twigcontent.processenabled: true, disabled by default, an...

6.5CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-45090

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS6.1AI score
Exploits0References2
CVE
CVE
added 14 hours ago5 views

CVE-2026-62201

OpenClaw prior to version 2026.6.6 contains a network policy bypass in the sandbox exec-server that lets lower-trust callers reach internal network destinations blocked by policy. Attackers can send HTTP requests through the exec-server to access restricted network resources. The CVE description ...

7.7CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-46621

Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the...

9.1CVSS6.6AI score0.00473EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-43725

A flaw was found in WebKitGTK. A malicious website can process restricted web content outside the sandbox due to improper input validation, potentially allowing access to resources that should be restricted...

7.1CVSS7AI score0.00314EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-43701

A flaw was found in WebKitGTK. A malicious website can process restricted web content outside the sandbox due to improper checks, potentially allowing access to resources that should be restricted...

7.1CVSS6.9AI score0.00182EPSS
Exploits0References5
CVE
CVE
added yesterday6 views

CVE-2026-5674

CVE-2026-5674 describes a vulnerability in PipeWire where the PulseAudio compatibility layer can be abused to escape sandboxed environments (e.g., Flatpak). An attacker with minimal sandbox permissions can load a malicious library, enabling arbitrary code execution outside the sandbox and potenti...

8.8CVSS6.4AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-44925

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS6.4AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-5674

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS6.4AI score
Exploits0References3
Nuclei
Nuclei
added yesterday157 views

NestJS DevTools Integration - Remote Code Execution

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...

9.4CVSS7.5AI score0.43921EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added yesterday4 views

Linux Distros Unpatched Vulnerability : CVE-2026-15769

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had...

8.3CVSS6.2AI score0.00236EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added yesterday5 views

Linux Distros Unpatched Vulnerability : CVE-2026-15774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a...

8.3CVSS6.2AI score0.00221EPSS
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-45313

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. Prior to 1.17.6, GuiServer::WndHookRegisterSlave in Sandboxie/core/svc/GuiServer.cpp stores attacker-supplied hthread and hproc fields from a GUIWNDHOOKREGISTER request without validating that the thread belongs to the...

7.7CVSS0.00108EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-45313

Summary: Sandboxie-Plus on Windows contains a local privilege escalation in GuiServer.cpp prior to v1.17.6. The GuiServer::WndHookRegisterSlave handler stores attacker-supplied hthread and hproc from GUI_WND_HOOK_REGISTER without validating thread belonging to the sandbox or the function pointer’...

7.7CVSS6.4AI score0.00108EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-45313 Sandboxie-Plus: Sandboxie APC Injection Sandbox Escape

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. Prior to 1.17.6, GuiServer::WndHookRegisterSlave in Sandboxie/core/svc/GuiServer.cpp stores attacker-supplied hthread and hproc fields from a GUIWNDHOOKREGISTER request without validating that the thread belongs to the...

7.7CVSS0.00108EPSS
Exploits0References2
Rows per page
Query Builder