CVE-2026-34208

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects for example Math.random = ..., but this protection can be bypassed through an exposed callable constructor path: this.constructor.calltarget, attackerObject. Because this.constructo...

OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...