Lucene search
+L

386 matches found

EUVD
EUVD
added 2026/06/30 1:37 p.m.8 views

EUVD-2026-40324

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 2:14 p.m.11 views

CVE-2026-47135 vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox...

8.7CVSS5.2AI score0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:14 p.m.27 views

CVE-2026-47135 vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox...

8.7CVSS0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:14 p.m.11 views

EUVD-2026-36442

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox...

8.7CVSS5.2AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:14 p.m.55 views

CVE-2026-47135

CVE-2026-47135 vm2 sandbox escape : The vm2 sandbox (Node.js) before 3.11.4 exposes real cross-realm Node.js symbols due to an incomplete Symbol.for override (only blocks two of nine dangerous symbols) and missing isDangerousCrossRealmSymbol checks in bridge write traps (set/defineProperty/delete...

8.7CVSS5.2AI score0.00266EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 2:14 p.m.5 views

CVE-2026-47135 vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox...

8.7CVSS5.9AI score0.00266EPSS
Exploits0References5
Veracode
Veracode
added 2026/06/10 2:27 p.m.16 views

Sandbox Escape

vm2 is vulnerable to Sandbox Escape. The vulnerability is due to incomplete protection of dangerous cross-realm symbols in setup-sandbox.js and missing validation in the bridge's set, defineProperty, and deleteProperty traps. This allows sandboxed code to obtain and manipulate real cross-realm...

8.7CVSS6.2AI score0.00266EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/10 12:40 p.m.10 views

CVE-2026-52753 Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 12:40 p.m.40 views

CVE-2026-52753 Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...

6.7CVSS0.00151EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3074

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to download private debugging symbols from inaccessible projects due to improper access control...

4.3CVSS5.5AI score0.00199EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/31 12:0 a.m.21 views

Needles at Scale: LLM-Assisted Target Selection for Windows Vulnerability Research

The attack surface of a modern operating system is a haystack: thousands of signed binaries and millions of functions, almost none relevant to any given vulnerability. A human analyst or an LLM agent must pick the function worth reading before analyzing it. At whole-OS scope, this target selectio...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/29 5:44 p.m.10 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through Symbol.for handling in lib/setup-sandbox.js and the bridge write traps in lib/bridge.js...

9.5CVSS5.9AI score0.00266EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 5:44 p.m.10 views

GHSA-M5Q2-4FM3-VFQP vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks

Summary vm2 3.11.2 Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them...

8.7CVSS5.9AI score0.00266EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 5:44 p.m.14 views

vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks

Summary vm2 3.11.2 Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them...

8.7CVSS5.9AI score0.00266EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-3074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

4.3CVSS5.8AI score0.00199EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libx11

A vulnerability was discovered in libX11 due to a boundary condition within the XkbReadKeySyms function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system...

6.5CVSS6.5AI score0.00633EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in binutils

A issue was discovered in elflinkinputbfd within elflink.c, part of the Binary File Descriptor BFD library also known as libbfd, as included in GNU Binutils 2.31. There is a NULL pointer dereferencing issue in elflinkinputbfd when it is used to find STTTLS symbols without a TLS section present. A...

5.5CVSS6.4AI score0.0232EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Pypy

A issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...

7.5CVSS7.2AI score0.05418EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.16 views

Astra Linux – Vulnerability in binutils

A vulnerability was discovered in Binutils objdump prior to version 2.39.3. Attackers can exploit this vulnerability to cause a denial of service or other unspecified effects through the function comparesymbols...

7.8CVSS6.3AI score0.00404EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 12:22 a.m.14 views

Malicious code in crypto-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee2e9ca362c982e5c75ed96c626b87ca91d85fb6cb52c89c7a8def86851017b8 Package name typosquats the widely-used crypto-js library and mirrors its API surface, README, and repository references to appear legitimate...

5.6AI score
Exploits0References5
Rows per page
Query Builder