CVE-2026-32723

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

CVE-2026-32723 SandboxJS timers have an execution-quota bypass (cross-sandbox currentTicks race)

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

SandboxJS 竞争条件问题漏洞

SandboxJS is a security assessment tool developed by nyariv’s individual developer. Versions of SandboxJS prior to 0.8.35 contained a race condition vulnerability. This vulnerability stemmed from a timer’s execution quota bypass issue, which could allow, in multi-tenant scenarios, timer callbacks...

BIT-DISCOURSE-2026-28227 Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publishtocategory topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...

CVE-2025-62401 Moodle: possible to bypass timer in timed assignments

An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment...

OpenJDK Swing timer-based security manager bypass (6907662)

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, an...

Debian DSA-1485-2 : icedove - several vulnerabilities

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul...

Debian DSA-1484-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0412 Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discover...