Total
482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-30938 | 1 Parseplatform | 1 Parse-server | 2026-06-17 | N/A | 5.3 MEDIUM |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1, the requestKeywordDenylist security control can be bypassed by placing any nested object or array before a prohibited keyword in the request payload. This is caused by a logic bug that stops scanning sibling keys after encountering the first nested value. Any custom requestKeywordDenylist entries configured by the developer are equally by-passable using the same technique. All Parse Server deployments are affected. The requestKeywordDenylist is enabled by default. This vulnerability is fixed in 8.6.12 and 9.5.1-alpha.1. Use a Cloud Code beforeSave trigger to validate incoming data for prohibited keywords across all classes. | |||||
| CVE-2026-2803 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 7.5 HIGH |
| Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||||
| CVE-2026-2768 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 10.0 CRITICAL |
| Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-2761 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 10.0 CRITICAL |
| Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |||||
| CVE-2026-26994 | 1 Refraction-networking | 1 Utls | 2026-06-17 | N/A | 6.5 MEDIUM |
| uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spec. This allowed an active network adversary to downgrade TLS 1.3 connections initiated by a uTLS client to a lower TLS version (e.g., TLS 1.2) by modifying the ClientHello message to exclude the SupportedVersions extension, causing the server to respond with a TLS 1.2 ServerHello (along with a downgrade canary in the ServerHello random field). Because uTLS did not check the downgrade canary in the ServerHello random field, clients would accept the downgraded connection without detecting the attack. This attack could also be used by an active network attacker to fingerprint uTLS connections. This issue has been fixed in version 1.7.0. | |||||
| CVE-2026-25115 | 1 N8n | 1 N8n | 2026-06-17 | N/A | 9.9 CRITICAL |
| n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8. | |||||
| CVE-2026-25056 | 1 N8n | 1 N8n | 2026-06-17 | N/A | 8.8 HIGH |
| n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0. | |||||
| CVE-2026-24868 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2. | |||||
| CVE-2026-23830 | 1 Nyariv | 1 Sandboxjs | 2026-06-17 | N/A | 10.0 CRITICAL |
| SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability. | |||||
| CVE-2026-23553 | 1 Xen | 1 Xen | 2026-06-17 | N/A | 2.9 LOW |
| In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A, running task 1. 2) vCPU moves to CPU B, idle gets scheduled on A. Xen skips IBPB. 3) On CPU B, guest kernel switches from task 1 to 2, issuing IBPB. 4) vCPU moves back to CPU A. Xen skips IBPB again. Now, task 2 is running on CPU A with task 1's training still in the BTB. | |||||
| CVE-2026-22723 | 1 Cloudfoundry | 2 Cf-deployment, Uaa-release | 2026-06-17 | N/A | 6.5 MEDIUM |
| Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0. | |||||
| CVE-2026-22709 | 1 Vm2 Project | 1 Vm2 | 2026-06-17 | N/A | 9.8 CRITICAL |
| vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is `globalPromise` object. Version 3.10.2 fixes the issue. | |||||
| CVE-2026-22686 | 1 Agentfront | 1 Enclave | 2026-06-17 | N/A | 10.0 CRITICAL |
| Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Error object retains its host realm prototype chain, which can be traversed to reach the host Function constructor. An attacker can intentionally trigger a host error, then climb the prototype chain. Using the host Function constructor, arbitrary JavaScript can be compiled and executed in the host context, fully bypassing the sandbox and granting access to sensitive resources such as process.env, filesystem, and network. This breaks enclave-vm’s core security guarantee of isolating untrusted code. This vulnerability is fixed in 2.7.0. | |||||
| CVE-2026-21513 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-06-17 | N/A | 8.8 HIGH |
| Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2026-21510 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-06-17 | N/A | 8.8 HIGH |
| Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2026-20824 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally. | |||||
| CVE-2026-20667 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-17 | N/A | 8.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox. | |||||
| CVE-2026-1232 | 2026-06-17 | N/A | N/A | ||
| A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration. | |||||
| CVE-2026-0881 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 10.0 CRITICAL |
| Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. | |||||
| CVE-2026-0877 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 8.1 HIGH |
| Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | |||||