https://vulnerability.circl.lu/sightings/feed 2026-06-12T22:13:04.296211+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/d59c8797-48b3-4cfd-a811-1936a9598770/export 2026-06-12T22:13:04.337739+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "d59c8797-48b3-4cfd-a811-1936a9598770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44003", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7", "content": "", "creation_timestamp": "2026-05-01T20:44:52.000000Z"} 2026-05-01T20:44:52+00:00 https://vulnerability.circl.lu/sighting/a8356f78-097b-458a-a436-beda0b7a4aab/export 2026-06-12T22:13:04.337633+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "a8356f78-097b-458a-a436-beda0b7a4aab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44007", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx", "content": "", "creation_timestamp": "2026-05-01T21:29:07.000000Z"} 2026-05-01T21:29:07+00:00 https://vulnerability.circl.lu/sighting/d0fb7d1b-2df3-4d1f-a7a5-49c3f41f768b/export 2026-06-12T22:13:04.337511+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "d0fb7d1b-2df3-4d1f-a7a5-49c3f41f768b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44008", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq", "content": "", "creation_timestamp": "2026-05-03T21:34:12.000000Z"} 2026-05-03T21:34:12+00:00 https://vulnerability.circl.lu/sighting/7a70fd26-a340-4835-8c09-5c748987be14/export 2026-06-12T22:13:04.336384+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "7a70fd26-a340-4835-8c09-5c748987be14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44009", "type": "published-proof-of-concept", "source": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm", "content": "", "creation_timestamp": "2026-05-03T21:34:48.000000Z"} 2026-05-03T21:34:48+00:00 https://vulnerability.circl.lu/sighting/0fbdbe78-f989-4674-ae03-3dbc9b6e8dbf/export 2026-06-12T22:13:04.336280+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "0fbdbe78-f989-4674-ae03-3dbc9b6e8dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44007", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml4tiejjgf2s", "content": "vm2: sandbox escape in NodeVM with nesting:true (CVE-2026-44007)", "creation_timestamp": "2026-05-05T18:39:06.928892Z"} 2026-05-05T18:39:06.928892+00:00 https://vulnerability.circl.lu/sighting/43a2e26d-7074-4abc-96b0-6631280abc7a/export 2026-06-12T22:13:04.336174+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "43a2e26d-7074-4abc-96b0-6631280abc7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44001", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlrbn3ni6e2c", "content": "CVE-2026-44001 - vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)\nCVE ID : CVE-2026-44001\n \n Published : May 13, 2026, 6:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbo...", "creation_timestamp": "2026-05-13T21:45:32.352989Z"} 2026-05-13T21:45:32.352989+00:00 https://vulnerability.circl.lu/sighting/902d5336-c432-49b5-b497-cee565d3178e/export 2026-06-12T22:13:04.336068+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "902d5336-c432-49b5-b497-cee565d3178e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44006", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlrbtta76z2i", "content": "CVE-2026-44006 - vm2: Sandbox Escape\nCVE ID : CVE-2026-44006\n \n Published : May 13, 2026, 6:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to...", "creation_timestamp": "2026-05-13T21:49:21.251112Z"} 2026-05-13T21:49:21.251112+00:00 https://vulnerability.circl.lu/sighting/4eed8bdd-90a5-43f2-afcc-32e9cee21dc6/export 2026-06-12T22:13:04.335947+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "4eed8bdd-90a5-43f2-afcc-32e9cee21dc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44001", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlthl3rm5l2q", "content": "\ud83d\udccc CVE-2026-44001 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the ho... https://www.cyberhub.blog/cves/CVE-2026-44001", "creation_timestamp": "2026-05-14T18:37:07.923428Z"} 2026-05-14T18:37:07.923428+00:00 https://vulnerability.circl.lu/sighting/33056f0f-cc94-4aae-b55d-04296f60eedd/export 2026-06-12T22:13:04.335788+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "33056f0f-cc94-4aae-b55d-04296f60eedd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44006", "type": "seen", "source": "https://t.me/bdufstecru/3172", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 BaseHandler.getPrototypeOf() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 vm2 \u043f\u0430\u043a\u0435\u0442\u043d\u043e\u0433\u043e \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 NPM \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u0439 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-06907\nCVE-2026-44006\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/patriksimek/vm2/releases/tag/v3.11.0", "creation_timestamp": "2026-05-18T14:18:11.000000Z"} 2026-05-18T14:18:11+00:00 https://vulnerability.circl.lu/sighting/e642bf0f-81c4-4407-b146-b2f0ef83cc01/export 2026-06-12T22:13:04.332696+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e642bf0f-81c4-4407-b146-b2f0ef83cc01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44007", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmhyplqiny2r", "content": "\ud83d\udccc CVE-2026-44007 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('... https://www.cyberhub.blog/cves/CVE-2026-44007", "creation_timestamp": "2026-05-22T22:37:06.598073Z"} 2026-05-22T22:37:06.598073+00:00