CWE-1100
4 CVEs classified under CWE-1100. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44008 | Critical | 9.8 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpeciesBatch works with objects from the other side but can call i… |
CVE-2026-44007 | Critical | 9.1 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') reg… |
CVE-2025-3466 | High | 7.2 | 2025-07-07 | langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions… |
CVE-2024-9612 | Medium | 6.5 | 2025-03-20 | In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be… |