Lucene search
K

49 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2025-31197

Open Babel has heap buffer overflow in ChemKin ChemKinFormat::CheckSpecies...

7.8CVSS6.6AI score0.00224EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/12 2:17 p.m.6 views

CVE-2026-47210 vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly.promising / WebAssembly.Suspending...

9.8CVSS6AI score0.00507EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:16 p.m.8 views

CVE-2026-47208 vm2: Sandbox Breakout Using Promise Species

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS5.7AI score0.0051EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 5:40 p.m.12 views

GHSA-76W7-J9CQ-RX2J vm2 is Vulnerable to Sandbox Breakout Through Promise Species

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The localPromise constructor was changed to call this.thenundefined, eater to ensure a rejected promise i...

10CVSS6.5AI score0.0051EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/29 5:40 p.m.7 views

Improper Control of Dynamically-Managed Code Resources

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the localPromise constructor in lib/setup-sandbox.js. An attacker can obta...

10CVSS6AI score0.0051EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 5:40 p.m.56 views

vm2 is Vulnerable to Sandbox Breakout Through Promise Species

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The localPromise constructor was changed to call this.thenundefined, eater to ensure a rejected promise i...

10CVSS6.5AI score0.0051EPSS
Exploits0References5Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.13 views

How to Compare the Security of Code Written by Humans to LLM-Generated Code

Large language models LLMs are rapidly transforming how software is created and maintained. Comparing LLM-generated code against human-written standards is essential to determine whether these new tools uphold or erode the security baselines established by professional developers. Yet, we lack a...

5.9AI score
Exploits0
CVE
CVE
added 2026/05/13 5:35 p.m.33 views

CVE-2026-44008

CVE-2026-44008 describes a vm2 sandbox escape in the Node.js vm2 library. Before version 3.11.2, the method neutralizeArraySpeciesBatch could interact with objects from the outside and, via a getter on Array.prototype, expose host objects to the sandbox, allowing an attacker to access the host Fu...

9.8CVSS6.3AI score0.00851EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/13 5:35 p.m.55 views

CVE-2026-44008 vm2: Snabox breakout via `neutralizeArraySpeciesBatch`

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this side via getter on the array prototype exposing objects of the wrong side into the sandbox. This can be used to get host objects...

9.8CVSS0.00851EPSS
Exploits1References1
OSV
OSV
added 2026/05/08 3:58 p.m.7 views

GHSA-9QJ6-QJGG-37QQ vm2 has sandbox breakout via `neutralizeArraySpeciesBatch`

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The new method neutralizeArraySpeciesBatch works with objects from the other side but can call into this...

9.8CVSS6.4AI score0.00851EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/05/05 4:23 p.m.15 views

NPM: VM2 Has Sandbox Breakout Through Promise Species

NPM: VM2 Has Sandbox Breakout Through Promise Species vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.3...

9.8CVSS6AI score0.00896EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/05 4:23 p.m.9 views

GHSA-QVJJ-29QF-HP7P VM2 Has Sandbox Breakout Through Promise Species

Summary The fix for https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The fix for...

9.8CVSS6.5AI score0.00896EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/05 4:23 p.m.10 views

VM2 Has Sandbox Breakout Through Promise Species

Summary The fix for https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The fix for...

9.8CVSS6.5AI score0.00896EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/04 6:27 p.m.8 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the resetPromiseSpecies function. An attacker can execute arbitrary commands on the host system by escaping from the...

10CVSS7.8AI score0.02342EPSS
Exploits5References2
CVE
CVE
added 2026/05/04 4:31 p.m.21 views

CVE-2026-24120

Technical details about CVE-2026-24120 are not publicly available in the provided documents. The affected components, root cause, impact, and fixes are not specified here. Monitor for updates.

9.8CVSS7.7AI score0.00896EPSS
Exploits1References5Affected Software1
Schneier on Security
Schneier on Security
added 2026/01/30 10:5 p.m.4 views

Friday Squid Blogging: New Squid Species Discovered

A new species of squid. pretends to be a plant: Scientists have filmed a never-before-seen species of deep-sea squid burying itself upside down in the seafloor--a behavior never documented in cephalopods. They captured the bizarre scene while studying the depths of the Clarion-Clipperton Zone CCZ...

5.9AI score
Exploits0
SUSE Linux
SUSE Linux
added 2025/12/12 4:18 p.m.6 views

Security update for rhino

This update for rhino fixes the following issues: Update to version 1.7.15.1. Security issues fixed: CVE-2025-66453: high CPU consumption when processing specific numbers via the toFixed function bsc1254481. Other changes and issues fixed: Version 1.7.15: Basic support for "rest parameters"...

6.9CVSS7.1AI score0.00235EPSS
Exploits0References4
OSV
OSV
added 2025/12/12 4:18 p.m.2 views

SUSE-SU-2025:4390-1 Security update for rhino

This update for rhino fixes the following issues: Update to version 1.7.15.1. Security issues fixed: - CVE-2025-66453: high CPU consumption when processing specific numbers via the toFixed function bsc1254481. Other changes and issues fixed: - Version 1.7.15: Basic support for 'rest parameters'...

7.5CVSS6.9AI score0.00235EPSS
Exploits0References3
NVD
NVD
added 2025/09/26 3:15 a.m.6 views

CVE-2025-10997

A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used...

7.8CVSS0.00224EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/26 2:32 a.m.11 views

CVE-2025-10997 Open Babel chemkinformat.cpp CheckSpecies heap-based overflow

A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used...

5.3CVSS0.00224EPSS
Exploits1References5
Rows per page
Query Builder