Latest intel // live feed
CVE-2026-44005: vm2, CVSSv3.1 10.0 (CRITICAL)
vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(). This lets attacker-controlled JavaScript running in a default VM or an inherited NodeVM mutate the shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox. This vulnerability is fi
CVE-2026-44001: vm2, CVSSv3.1 8.6 (HIGH)
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 (v3.10.2) only sanitized the onRejected callback in the .then() and .catch() overrides and did not address the executor-to-unhandledRejection path. This vulnerability is fixed in 3.11.0.
CVE-2026-43999: vm2, CVSSv3.1 9.9 (CRITICAL)
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load(), which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0.
CVE-2026-43998: vm2, CVSSv3.1 8.5 (HIGH)
vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution. This vulnerabil
CVE-2026-43997: vm2, CVSSv3.1 10.0 (CRITICAL)
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object to escape the sandbox; one example is calling HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability is fixed in 3.11.0.
CVE-2026-44574: Next.js, CVSSv3.1 8.1 (HIGH)
Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. In affected deployments, specially crafted query parameters can alter the dynamic route value seen by the page while leaving the visible path unchanged, which can allow protected content to be rendered without passing the expected middleware check. This vulnera
CVE-2026-6282: Lenovo Personal Cloud Storage, CVSSv3.1 8.1 (HIGH)
A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.
CVE-2026-6281: Lenovo Personal Cloud Storage, CVSSv3.1 8.8 (HIGH)
A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.
CVE-2026-44295: protobufjs-cli, CVSSv3.1 8.7 (HIGH)
protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without sufficient sanitization. This vulnerability is fixed in 1.2.1 and 2.0.2.
CVE-2026-44293: protobufjs, CVSSv3.1 8.8 (HIGH)
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generated conversion function. This vulnerability is fixed in 7.5.6 and 8.0.2.
CVE-2026-44291: protobufjs, CVSSv3.1 8.1 (HIGH)
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type information. This could cause attacker-controlled strings to be emitted into generated JavaScript cod
CVE-2026-42945: NGINX, CVSSv3.1 8.1 (HIGH)
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker, given conditions beyond the attacker's control, can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to
CVE-2026-42930: F5 BIG-IP (Appliance mode), CVSSv3.1 8.7 (HIGH)
When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-42924: F5 iControl SOAP, CVSSv3.1 8.7 (HIGH)
An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP, resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-42557: JupyterLab, CVSSv3.1 9.6 (CRITICAL)
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger
CVE-2026-42406: F5 BIG-IP and BIG-IQ, CVSSv3.1 8.7 (HIGH)
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-42266: JupyterLab, CVSSv3.1 8.8 (HIGH)
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from the PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not restricted to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.
CVE-2026-41957: F5 BIG-IP and BIG-IQ Configuration utility, CVSSv3.1 8.8 (HIGH)
An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-41953: F5 BIG-IP, CVSSv3.1 8.7 (HIGH)
A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects, resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-41225: F5 iControl REST, CVSSv3.1 9.1 (CRITICAL)
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-40698: F5 BIG-IP and BIG-IQ, CVSSv3.1 8.7 (HIGH)
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh), resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-40631: F5 iControl SOAP, CVSSv3.1 8.7 (HIGH)
An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP, resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-40061: F5 BIG-IP DNS, CVSSv3.1 8.7 (HIGH)
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-34176: F5 iControl REST (Appliance mode), CVSSv3.1 8.7 (HIGH)
When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-32673: F5 BIG-IP scripted monitors, CVSSv3.1 8.7 (HIGH)
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.