CVE-2026-47208

Publié : 12 juin 2026

Modifié : 12 juin 2026

Score CVSS

CRITICAL

Description détaillée

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Références et Patchs

https://github.com/patriksimek/vm2/commit/a462655009669c3124ee39498121651597529ea8 https://github.com/patriksimek/vm2/releases/tag/v3.11.4 https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j

Dernières Vulnérabilités

CVE-2026-12176

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

VOIR DÉTAILS

CVE-2026-12175

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

VOIR DÉTAILS

CVE-2026-12174

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

VOIR DÉTAILS