CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
The vm2 sandbox component of the open-source JavaScript runtime environment Node.js is vulnerable with certain settings.
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
IT之家 5 月 6 日消息,当地时间 5 月 5 日,Node.js 团队发布了最新的 Node.js 26.0.0 版本(Current),Node.js 26 将于 10 月进入 LTS(长期支持)阶段。IT之家附主要更新内容如下:Temporal API:Temporal API 现在在 Node.js 26 中默认启用。Temporal 是一个用于 JavaScript 的现代日期 / ...
zhiding.cn on MSN
VM2 JavaScript沙箱发现13个严重漏洞,可执行任意代码
研究人员在vm2 JavaScript沙箱库中发现13个严重漏洞,攻击者可借此突破容器限制并在宿主系统执行任意命令。其中CVE-2026-26956可在特定Node.js 25与WebAssembly组合环境下完全逃逸沙箱,CVE-2026-44007则通过nesting:true配置选项触发权限控制缺陷。安全研究人员建议开发者立即升级至vm2 3.11.2版本,并考虑将不可信代码迁移至Docke ...
The JavaScript and TypeScript server and bundler Bun will consist of Rust code in the future. Within weeks, Claude Code ...
Earn these JavaScript certs to demonstrate mastery of the most in-demand skills for the world’s most-used programming language.
Popular channel offering practical Node.js tutorials, REST API projects, and backend fundamentals with clear explanations suited for beginners a ...
Learn how a single JavaScript Date() timezone mistake silently corrupts web apps and how to fix timestamp bugs in JS, Python, ...
Overview: AI coding tools are transforming software development, but strong programming fundamentals and system design ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果