Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
The Hacker News

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP ...
SecurityWeek

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue.

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install backdoors.
SecurityWeek

Critical Remote Code Execution Vulnerability Patched in Android

Google announced on Monday the release of an Android update patching a critical vulnerability that can be exploited for ...