38 matches found
CVE-2026-44003
A flaw was found in vm2 before 3.11.0. A code transformer fast-path skips AST analysis when catch, import, and async are absent, allowing direct access to VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL and internal security functions handleException, wrapWith, import. Fixed in 3.11.0...
CVE-2026-44003
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...
CVE-2026-44003 vm2: Transformer Fast-Path Bypass Exposes Internal State Variable
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...
CVE-2026-44003
vm2 (Node.js sandbox) prior to version 3.11.0 includes a transformer fast-path that bypasses AST analysis when code does not contain catch, import, or async, allowing sandboxed code to access internal state VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL and its security helpers (handleExcepti...
vm2 security vulnerability
vm2 is a high-level virtual machine/sandbox for Node.js developed by Patrik Simek from the Czech Republic. It allows for the execution of untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem fro...
EUVD-2007-6605
Malware in sbrugna...
EUVD-2021-8916
Malicious code in bioql PyPI...
CVE-2021-21744
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled...
The vulnerability of the CyberArk Identity Management access control system, related to the implementation of security functions at the client side, allows attackers to increase their privileges.
The vulnerability of the CyberArk Identity Management access control system lies in the implementation of security functions at the client side. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the FortiSandbox threat detection and mitigation system, related to the implementation of security functions at the client side, allows a perpetrator to modify the device’s configuration.
The vulnerability of the FortiSandbox threat detection and mitigation system is related to the implementation of security functions at the client side. Exploiting this vulnerability could allow a malicious actor to modify the device’s configuration...
The vulnerability of the SSH protocol lies in its ability to adjust packet sequence numbers during connection negotiation and to delete any number of SSH protocol messages. This allows attackers to bypass integrity checks, disable existing security functions, and gain unauthorized access to protected information.
The vulnerability of the SSH protocol lies in the ability to alter the sequence numbers of packets during the connection negotiation process, thereby eliminating any number of SSH protocol messages. Exploiting this vulnerability allows a malicious actor to bypass integrity checks, disable existin...
The vulnerability of the Adobe Framemaker desktop publishing system, related to the ability to bypass security functions, allows attackers to circumvent existing security restrictions.
The vulnerability of the desktop publishing system Adobe Framemaker relates to the bypassing of security functions. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...
Design/Logic Flaw
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled...
The vulnerability of the Moodle administration system, related to errors in user permission separation, allows a violator to bypass security functions.
The vulnerability of the Moodle administration system is related to errors in user permission allocation. Exploiting this vulnerability could allow a malicious actor to bypass security functions remotely...
The vulnerability in the driver/firmware/EFI code of the Linux operating system allows a hacker to bypass security restrictions.
The vulnerability in the driver/firmware/EFI code of the Linux operating system relates to bypassing security functions. Exploiting this vulnerability can allow an attacker to circumvent security restrictions...
The vulnerability in the driver for the Early Launch Antimalware (ELAM) security technology of Microsoft Windows allows a malicious actor to bypass security functions.
The vulnerability of the driver for the Early Launch Antimalware ELAM security technology for Microsoft Windows relates to the disclosure of information. Exploiting this vulnerability could allow a hacker to bypass security functions...
CVE-2020-17533
Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and...