Search Vulnerabilities

ClearanceKit: opfilter system extension can be suspended or signalled by a root process, disabling file-access policy enforcement

Windows Shell Security Feature Bypass Vulnerability

Windows Shell Spoofing Vulnerability

October CMS: Twig Sandbox Bypass via Collection Methods

MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect

MaxKB: Sandbox escape via LD_PRELOAD bypass

ImageMagick: Heap-use-after-free via XMP profile could result in a crash when printing values

PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai

PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Directus is Missing Cross-Origin Opener Policy

SandboxJS: Sandbox integrity escape

PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe

Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)

Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)