Lucene search
+L

6 matches found

NVD
NVD
โ€ขadded 2026/06/11 6:16 p.m.โ€ข15 views

CVE-2026-48546

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

8.5CVSS0.00487EPSS
Exploits0References3
Github Security Blog
Github Security Blog
โ€ขadded 2026/06/03 9:39 p.m.โ€ข17 views

browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler

Summary The HTTP handler /log in lib/server.js lines 491โ€“515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details When browserstack-runner starts, it creates an...

8.8CVSS6.5AI score0.00392EPSS
Exploits0References4Affected Software1
CVE
CVE
โ€ขadded 2026/06/02 8:31 p.m.โ€ข47 views

CVE-2026-49143

CVE-2026-49143 affects BrowserStack Runner up to version 0.9.5. The vulnerability is in the /_log HTTP handler, permitting unauthenticated, network-adjacent attackers to achieve remote code execution by sending crafted JSON bodies that are passed to vm.runInNewContext() with eval(); attackers can...

8.8CVSS6.7AI score0.00392EPSS
Exploits0References2
Cvelist
Cvelist
โ€ขadded 2026/06/02 8:31 p.m.โ€ข45 views

CVE-2026-49143 BrowserStack Runner 0.9.5 Unauthenticated RCE via /_log HTTP Handler

BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContex...

8.8CVSS0.00392EPSS
Exploits0References2
RedHat Linux
RedHat Linux
โ€ขadded 2024/04/30 9:57 a.m.โ€ข7 views

kernel: KVM: nSVM: Check instead of asserting on nested TSC scaling support

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1's MSRAMD64TSCRATIO has diverged from KVM's...

5.5CVSS6.8AI score0.00134EPSS
Exploits0References5
Positive Technologies
Positive Technologies
โ€ขadded 2018/11/12 12:0 a.m.โ€ข8 views

PT-2018-14844 ยท Ethereumjs ยท Ethereumjs-Vm

Name of the Vulnerable Software and Affected Versions: ethereumjs-vm version 2.4.0 Description: The issue allows attackers to cause a denial of service, leading to vm.runCode failure and REVERT, via a code attribute set to Buffer.frommy code, 'hex'. It's worth noting that the vendor disputes this...

7.5CVSS7.3AI score0.03101EPSS
Exploits1References9
Rows per page
Query Builder