CWE-693 · Protection Mechanism Failure
576 CVEs classified under CWE-693 (Protection Mechanism Failure).

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-47140 | Critical | 10.0 | 2026-06-12 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster… |
| CVE-2026-34208 | Critical | 10.0 | 2026-04-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this p… |
| CVE-2026-34938 | Critical | 10.0 | 2026-04-03 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandb… |
| CVE-2026-2768 | Critical | 10.0 | 2026-02-24 | Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2761 | Critical | 10.0 | 2026-02-24 | Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and T… |
| CVE-2026-23830 | Critical | 10.0 | 2026-01-28 | SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `Sandbo… |
| CVE-2026-22686 | Critical | 10.0 | 2026-01-14 | Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-v… |
| CVE-2026-0881 | Critical | 10.0 | 2026-01-13 | Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. |
| CVE-2023-31273 | Critical | 10.0 | 2023-11-14 | Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via… |
| CVE-2022-32845 | Critical | 10.0 | 2022-09-23 | This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break o… |
| CVE-2026-50564 | Critical | 9.9 | 2026-06-10 | Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version… |
| CVE-2026-50545 | Critical | 9.9 | 2026-06-10 | Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version… |
| CVE-2026-45102 | Critical | 9.9 | 2026-05-27 | OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API… |
| CVE-2026-39888 | Critical | 9.9 | 2026-04-08 | PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs… |
| CVE-2026-33396 | Critical | 9.9 | 2026-03-26 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (ProjectMember) can achieve re… |
| CVE-2026-21669 | Critical | 9.9 | 2026-03-12 | A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server. |
| CVE-2026-25115 | Critical | 9.9 | 2026-02-04 | n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of… |
| CVE-2025-68668 | Critical | 9.9 | 2025-12-26 | n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses… |
| CVE-2023-25765 | Critical | 9.9 | 2023-02-15 | In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able t… |
| CVE-2021-32835 | Critical | 9.9 | 2021-09-09 | Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lea… |