Lucene search
K

635 matches found

Metasploit
Metasploit
added 4 days ago12 views

FTP Fetch, Generic x86 Debug Trap

Fetch and execute an x86 payload from an FTP server. Generate a debug trap in the target process Module Options msf use payload/cmd/windows/ftp/x86/generic/debugtrap msf payloaddebugtrap show actions ...actions... msf payloaddebugtrap set ACTION msf payloaddebugtrap show options ...show and set...

6.2AI score
Exploits0
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53144

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in getqueueids When usrqueueidarray is NULL and numqueues is non-zero, getqueueids returns NULL. The callers check only ISERR on the return value; since ISERRNULL == false the check passes, and...

5.5CVSS0.00122EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 8:38 a.m.4 views

EUVD-2026-39235

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in getqueueids When usrqueueidarray is NULL and numqueues is non-zero, getqueueids returns NULL. The callers check only ISERR on the return value; since ISERRNULL == false the check passes, and...

5.7AI score0.00122EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-47209

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

8.6CVSS0.00287EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:14 p.m.11 views

CVE-2026-47209 vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

8.6CVSS5.2AI score0.00287EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:14 p.m.11 views

EUVD-2026-36440

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

8.6CVSS5.2AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:14 p.m.42 views

CVE-2026-47209 vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...

8.6CVSS0.00287EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:14 p.m.24 views

CVE-2026-47209

vm2 (Node.js sandbox) had a vulnerability in the BaseHandler.set trap that ignores the receiver parameter and always writes to the host target, enabling inherited-property writes to leak onto host objects via prototype chains. This can allow attackers to assign Symbol-keyed properties (e.g., node...

8.6CVSS5.2AI score0.00287EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/29 5:49 p.m.16 views

vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain

Summary The BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object inherits from the proxy via Object.create, the property assignment...

8.6CVSS6AI score0.00287EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/29 5:49 p.m.12 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the BaseHandler.set trap in lib/bridge.js. An...

9.2CVSS6.3AI score0.00287EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 5:49 p.m.9 views

GHSA-C4CF-2HGV-2QV6 vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain

Summary The BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object inherits from the proxy via Object.create, the property assignment...

8.6CVSS6AI score0.00287EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/29 5:33 p.m.9 views

Improper Control of Dynamically-Managed Code Resources

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources through the lib/bridge.js apply trap and thisEnsureThis proto-walk. An attacke...

10CVSS6.1AI score0.004EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in snmptt

Before version 1.4.2 of SNMPTT, attackers could execute shell code through EXEC, PREXEC, or unknowntrapexec...

9.8CVSS7.9AI score0.02016EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When navigating from within an iframe while requesting fullscreen access, a tab controlled by an attacker could prevent the browser from exiting fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

4.3CVSS6.4AI score0.00643EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debugtrapenable before writing dbgevfile. In an interrupt context, the write dbgevfile operation will be executed via a work queue. This will cause the write dbgevfile operation to be executed after...

5.5CVSS6AI score0.00263EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When resizing a popup while requesting fullscreen access, the popup becomes unable to exit the fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

7.5CVSS7.1AI score0.00652EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: parisc: Clearing stale IIR values during Instruction Access Rights Trap When a trap 7 Instruction Access Rights occurs, it means that the CPU could not execute an instruction due to missing execute permissions on the memory regio...

5.5CVSS5.9AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netdevsim: Avoid potential loops in nsimdevtrapreportwork. Many syzbot reports include the following trace 1. If nsimdevtrapreportwork cannot acquire the mutex, it should rearm itself at least one jiffie later. 1 Sending NMI...

5.5CVSS6.5AI score0.00225EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/07 3:54 a.m.7 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the proxy trap methods in createBridge in the bridge handler code. An attacker can leak a handler...

10CVSS6.2AI score0.00815EPSS
Exploits1References2
Rows per page
Query Builder