CVE-2025-13818 - Local privilege escalation in ESET Management Agent for Windows
CVE ID : CVE-2025-13818
Published : Feb. 6, 2026, 2:16 p.m. | 2 hours, 32 minutes ago
Description : Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13818
Published : Feb. 6, 2026, 2:16 p.m. | 2 hours, 32 minutes ago
Description : Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1337 - Insufficient escaping of unicode characters in query log
CVE ID : CVE-2026-1337
Published : Feb. 6, 2026, 2:16 p.m. | 2 hours, 32 minutes ago
Description : Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01. Proof of concept exploit: https://github.com/JoakimBulow/CVE-2026-1337
Severity: 1.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1337
Published : Feb. 6, 2026, 2:16 p.m. | 2 hours, 32 minutes ago
Description : Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01. Proof of concept exploit: https://github.com/JoakimBulow/CVE-2026-1337
Severity: 1.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2056 - D-Link DIR-605L/DIR-619L DHCP Connection Status wan_connection_status.asp information disclosure
CVE ID : CVE-2026-2056
Published : Feb. 6, 2026, 2:16 p.m. | 2 hours, 32 minutes ago
Description : A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2056
Published : Feb. 6, 2026, 2:16 p.m. | 2 hours, 32 minutes ago
Description : A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to information disclosure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25556 - MuPDF <= 1.27.0 Barcode Decoding Double Free
CVE ID : CVE-2026-25556
Published : Feb. 6, 2026, 4:11 p.m. | 36 minutes ago
Description : MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25556
Published : Feb. 6, 2026, 4:11 p.m. | 36 minutes ago
Description : MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13523 - Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow
CVE ID : CVE-2025-13523
Published : Feb. 6, 2026, 4:16 p.m. | 32 minutes ago
Description : Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13523
Published : Feb. 6, 2026, 4:16 p.m. | 32 minutes ago
Description : Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2057 - SourceCodester Medical Center Portal Management System login.php sql injection
CVE ID : CVE-2026-2057
Published : Feb. 6, 2026, 4:16 p.m. | 32 minutes ago
Description : A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2057
Published : Feb. 6, 2026, 4:16 p.m. | 32 minutes ago
Description : A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2103 - Use of Hard-Coded Cryptographic Key for Password Storage
CVE ID : CVE-2026-2103
Published : Feb. 6, 2026, 4:22 p.m. | 26 minutes ago
Description : Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2103
Published : Feb. 6, 2026, 4:22 p.m. | 26 minutes ago
Description : Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2058 - mathurvishal CloudClassroom-PHP-Project Post Query Details postquerypublic.php sql injection
CVE ID : CVE-2026-2058
Published : Feb. 6, 2026, 4:32 p.m. | 16 minutes ago
Description : A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2058
Published : Feb. 6, 2026, 4:32 p.m. | 16 minutes ago
Description : A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25751 - FUXA Unauthenticated Exposure of Plaintext Database Credentials
CVE ID : CVE-2026-25751
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25751
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full system configuration, including administrative credentials for the InfluxDB database. Possession of these credentials may allow an attacker to authenticate directly to the database service, enabling them to read, modify, or delete all historical process data, or perform a Denial of Service by corrupting the database. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25752 - FUXA Unauthenticated Remote Arbitrary Device Tag Write
CVE ID : CVE-2026-25752
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and overwrite arbitrary device tags or disable communication drivers, exposing connected ICS/SCADA environments to follow-on actions. This may allow an attacker to manipulate physical processes and disconnected devices from the HMI. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25752
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and overwrite arbitrary device tags or disable communication drivers, exposing connected ICS/SCADA environments to follow-on actions. This may allow an attacker to manipulate physical processes and disconnected devices from the HMI. This affects FUXA through version 1.2.9. This issue has been patched in FUXA version 1.2.10.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25753 - PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)
CVE ID : CVE-2026-25753
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25753
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2062 - Open5GS PGW S5U Address sgwc_sxa_handle_session_modification_response null pointer dereference
CVE ID : CVE-2026-2062
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The exploit is publicly available and might be used. The identifier of the patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applying a patch is the recommended action to fix this issue.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2062
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The exploit is publicly available and might be used. The identifier of the patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applying a patch is the recommended action to fix this issue.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2063 - D-Link DIR-823X Web Management set_ac_server os command injection
CVE ID : CVE-2026-2063
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2063
Published : Feb. 6, 2026, 7:16 p.m. | 1 hour, 32 minutes ago
Description : A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25636 - calibre has a Path Traversal Leading to Arbitrary File Corruption and Code Execution
CVE ID : CVE-2026-25636
Published : Feb. 6, 2026, 8:07 p.m. | 41 minutes ago
Description : calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25636
Published : Feb. 6, 2026, 8:07 p.m. | 41 minutes ago
Description : calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25635 - calibre has a Path Traversal Leading to Arbitrary File Write and Potential Code Execution
CVE ID : CVE-2026-25635
Published : Feb. 6, 2026, 8:10 p.m. | 38 minutes ago
Description : calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25635
Published : Feb. 6, 2026, 8:10 p.m. | 38 minutes ago
Description : calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25731 - Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export
CVE ID : CVE-2026-25731
Published : Feb. 6, 2026, 8:14 p.m. | 34 minutes ago
Description : calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25731
Published : Feb. 6, 2026, 8:14 p.m. | 34 minutes ago
Description : calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15320 - Tanium addressed a denial of service vulnerability in Tanium Client.
CVE ID : CVE-2025-15320
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : Tanium addressed a denial of service vulnerability in Tanium Client.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15320
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : Tanium addressed a denial of service vulnerability in Tanium Client.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1709 - Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication
CVE ID : CVE-2026-1709
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1709
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22254 - Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager
CVE ID : CVE-2026-22254
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manage_assets. The Winter CMS maintainers strongly recommend that the cms.manage_assets permission only be reserved to trusted administrators and developers in general. This vulnerability is fixed in 1.2.10.
Severity: 0.0 | NONE
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22254
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manage_assets. The Winter CMS maintainers strongly recommend that the cms.manage_assets permission only be reserved to trusted administrators and developers in general. This vulnerability is fixed in 1.2.10.
Severity: 0.0 | NONE
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25520 - SandboxJS has a Sandbox Escape
CVE ID : CVE-2026-25520
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox. This vulnerability is fixed in 0.8.29.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25520
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox. This vulnerability is fixed in 0.8.29.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25586 - SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution
CVE ID : CVE-2026-25586
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties, enabling host Object.prototype pollution and persistent cross-sandbox impact. This vulnerability is fixed in 0.8.29.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25586
Published : Feb. 6, 2026, 8:16 p.m. | 32 minutes ago
Description : SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties, enabling host Object.prototype pollution and persistent cross-sandbox impact. This vulnerability is fixed in 0.8.29.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...