A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.

The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

CERT-IN has issued a critical alert for Google Chrome desktop users, highlighting a vulnerability that could allow remote hackers to execute arbitrary code on affected systems.

CVE-2025-8088, a WinRAR vulnerability patched in July 2025, has been widely exploited by state-sponsored threat actors and cybercriminals.

Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers ...

January 2026 was a wake-up month for enterprise security teams. In a single week, CERT-In released three high-severity ...

To exploit the vulnerability, an attacker would need either system access or be able to convince a user to open a malicious ...

Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out ...