Recent Advisories

Columns: Severity | ID | Title | Vendor | Product | Date | Type

Severity: CRITICAL 10
ID: CVE-2026-47140
Title: vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
Summary: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_thre...
Vendor: patriksimek
Product: vm2 < 3.11.4
Type: CVE

Severity: HIGH 8.6
ID: CVE-2026-47139
Title: vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server
Summary: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin ...
Vendor: patriksimek
Product: vm2 < 3.11.4
Type: CVE

Severity: CRITICAL 10
ID: CVE-2026-47137
Title: vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE
Summary: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodev...
Vendor: patriksimek
Product: vm2 < 3.11.4
Type: CVE

Severity: HIGH 8.7
ID: CVE-2026-47135
Title: vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
Summary: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Nod...
Vendor: patriksimek
Product: vm2 < 3.11.4
Type: CVE

Severity: CRITICAL 10
ID: CVE-2026-47131
Title: vm2: Sandbox Escape
Summary: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buf...
Vendor: patriksimek
Product: vm2 < 3.11.4
Type: CVE

Severity: HIGH 7.5
ID: CVE-2026-46340
Title: Netty: SCTP reassembly nests buffers without bound
Summary: Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Fina...
Vendor: netty
Product: netty >= 4.2.0.Final, < 4.2.15.Final
Type: CVE

Severity: HIGH 8.7
ID: CVE-2026-45674
Title: Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Summary: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...
Vendor: netty
Product: netty >= 4.2.0.Final, < 4.2.15.Final
Type: CVE

Severity: MEDIUM 6.8
ID: CVE-2026-45673
Title: Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Summary: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...
Vendor: netty
Product: netty >= 4.2.0.Final, < 4.2.15.Final
Type: CVE

Severity: MEDIUM 4
ID: CVE-2026-45536
Title: Netty: Unix-socket fd receive leaks descriptors when peer sends two at once
Summary: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_u...
Vendor: netty
Product: netty >= 4.2.0.Final, < 4.2.15.Final
Type: CVE

Severity: HIGH 7.5
ID: CVE-2026-45416
Title: Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
Summary: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClie...
Vendor: netty
Product: netty >= 4.2.0.Final, < 4.2.15.Final
Type: CVE