1260 matches found
Improper Isolation or Compartmentalization
Overview dspy is a DSPy Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization via the PythonInterpreter class. An attacker can access arbitrary files by executing untrusted code within the sandbox. Remediation Upgrade dspy to version 3.1.2 or higher...
CVE-2025-12695
The CVE-2025-12695 vulnerability affects DSPy where an overly permissive sandbox around the PythonInterpreter allows reading sensitive files when running untrusted code in an AI agent. Public sources describe an arbitrary-file-read risk via the sandbox, with the affected component being DSPy’s sa...
CVE-2025-12695 Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...
CVE-2025-12695 Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...
openjdk: Enhance certificate handling (Oracle CPU 2025-10)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...
openjdk: Enhance Path Factories (Oracle CPU 2025-10)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...
openjdk: Enhance Path Factories (Oracle CPU 2025-10)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...
Oracle Java SE Unspecified Vulnerability (Oct 2025) - Linux
Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Java SE Unspecified Vulnerability (Oct 2025) - Windows
Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-61927
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
EUVD-2025-33777
Happy DOM: VM Context Escape can lead to Remote Code Execution...
GHSA-37J7-FG3J-429F Happy DOM: VM Context Escape can lead to Remote Code Execution
Escape of VM Context gives access to process level functionality Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...
Happy DOM: VM Context Escape can lead to Remote Code Execution
Escape of VM Context gives access to process level functionality Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted...
Arbitrary Code Injection
Overview @happy-dom/server-renderer is an Use Happy DOM for server-side rendering SSR or as a static site generator SSG. Affected versions of this package are vulnerable to Arbitrary Code Injection due to default evaluation of code from strings. An attacker can execute arbitrary code on the host...
CVE-2025-61927 Happy-DOM has VM Context Escape
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
CVE-2025-61927 Happy-DOM has VM Context Escape
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
CVE-2025-61927 Happy-DOM has VM Context Escape
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
EUVD-2019-12067
Malware in sbrugna...
EUVD-2019-12425
Malware in sbrugna...
EUVD-2019-12601
Malware in sbrugna...