Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

124 matches found

AstraLinux
AstraLinuxadded 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fixed the issue with zerovruntime tracking. John reported that stress-ng-yield could cause his machine to behave abnormally. He managed to bisect the process to commit the change identified as b3d99f43c72b „sched/fair...

5.5CVSS5.7AI score0.00013EPSS
Exploits0References1
AstraLinux
AstraLinuxadded 2026/05/20 5:53 a.m.2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: Avoid stalls in fqpietimer When setting a high number of flows the limit is 65536, fqpietimer currently uses too much time, as reported by syzbot. Add logic to yield the CPU every 2048 flows less than 150...

5.7AI score0.00039EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 2026/05/20 5:53 a.m.2 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: sockmap: Added a condresched function in sockhashfree. Several reports of syzbot soft lockups involve sockhashfree. If a map with a large number of buckets is destroyed, we need to yield the CPU when necessary...

5.5CVSS6.2AI score0.00013EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/14 9:14 p.m.7 views

EUVD-2026-30086

vm2 Has a Sandbox Breakout Using Async Generator...

9.8CVSS5.8AI score0.00082EPSS
Exploits1References4
OSV
OSVadded 2026/05/14 9:14 p.m.1 views

GHSA-248R-7H7Q-CR24 vm2 Has a Sandbox Breakout Using Async Generator

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details It is possible to catch a host exception using the yield expression inside an async generator. When the...

9.8CVSS6.2AI score0.00082EPSS
Exploits1References5
Snyk
Snykadded 2026/05/13 7:16 p.m.5 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the yield iterator inside an async generator. An attacker can execute arbitrary commands on the host...

10CVSS6.2AI score0.00082EPSS
Exploits1References2
NVD
NVDadded 2026/05/13 6:16 p.m.6 views

CVE-2026-45411

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...

9.8CVSS0.00082EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/13 5:38 p.m.2 views

CVE-2026-45411

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...

9.8CVSS6.1AI score0.00082EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/05/13 5:38 p.m.29 views

CVE-2026-45411 vm2: Sandbox Breakout Using Async Generator

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...

9.8CVSS0.00082EPSS
Exploits1References1
CVE
CVEadded 2026/05/13 5:38 p.m.28 views

CVE-2026-45411

vm2 is a Node.js sandbox; prior to 3.11.3, an async generator yield* can cause host exceptions to escape the VM when the generator is closed with return, with exceptions from then being routed to the yield* iterator as the next value, enabling arbitrary host commands. This is fixed in 3.11.3. The...

9.8CVSS6.1AI score0.00082EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/13 5:38 p.m.4 views

CVE-2026-45411 vm2: Sandbox Breakout Using Async Generator

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...

9.8CVSS6.1AI score0.00082EPSS
Exploits1References1
SUSE CVE
SUSE CVEadded 2026/05/13 3:35 a.m.2 views

SUSE CVE-2026-43323

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

5.8AI score0.00013EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-43323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his...

5.5CVSS5.9AI score0.00013EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/13 12:0 a.m.9 views

PT-2026-40731

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.3 Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. This occurs because a host exception can be caught using the yield expression within an async generator. When the...

10CVSS6.1AI score0.00082EPSS
Exploits1References9
EUVD
EUVDadded 2026/05/08 3:31 p.m.4 views

EUVD-2026-28607

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

5.8AI score0.00013EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2026/05/08 2:16 p.m.4 views

CVE-2026-43323

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

5.5CVSS5.8AI score0.00013EPSS
Exploits0References6
OSV
OSVadded 2026/05/08 2:16 p.m.5 views

UBUNTU-CVE-2026-43323

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

5.5CVSS5.8AI score0.00013EPSS
Exploits0References7
CVE
CVEadded 2026/05/08 1:31 p.m.12 views

CVE-2026-43323

CVE-2026-43323 refers to a Linux kernel scheduler flaw in the fair scheduling component where zero_vruntime tracking could become inconsistent under certain conditions (e.g., frequent yield and multi‑cgroup scenarios). The linked sources describe a specific scenario with two runnable tasks exchan...

5.5CVSS5.8AI score0.00013EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/05/08 1:31 p.m.28 views

CVE-2026-43323 sched/fair: Fix zero_vruntime tracking fix

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zerovruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zerovruntime tracking". The combination of yield and tha...

0.00013EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.6 views

PT-2026-38974

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zero vruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zero vruntime tracking". The combination of yield and...

5.8AI score0.00013EPSS
Exploits0References5
Rows per page
Query Builder