CWE-913 · Improper Control of Dynamically-Managed Code Resources

92 CVEs classified under CWE-913 (Improper Control of Dynamically-Managed Code Resources). Browse by severity and year.

Top CVEs for CWE-913
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-47208 | Critical | 10.0 | 2026-06-12 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code w… |
| CVE-2026-47137 | Critical | 10.0 | 2026-06-12 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 26… |
| CVE-2026-47131 | Critical | 10.0 | 2026-06-12 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.cal… |
| CVE-2026-23830 | Critical | 10.0 | 2026-01-28 | SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `Sandbo… |
| CVE-2023-29017 | Critical | 10.0 | 2023-04-06 | vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects pass… |
| CVE-2022-36067 | Critical | 10.0 | 2022-09-06 | vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandb… |
| CVE-2026-34156 | Critical | 9.9 | 2026-03-31 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow S… |
| CVE-2026-25049 | Critical | 9.9 | 2026-02-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows c… |
| CVE-2025-68613 | Critical | 9.9 | 2025-12-19 | n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Ex… |
| CVE-2026-53753 | Critical | 9.8 | 2026-06-23 | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST… |
| CVE-2026-47210 | Critical | 9.8 | 2026-06-12 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host proces… |
| CVE-2026-22709 | Critical | 9.8 | 2026-01-26 | vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be b… |
| CVE-2025-25270 | Critical | 9.8 | 2025-07-08 | An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations. |
| CVE-2024-8953 | Critical | 9.8 | 2025-03-20 | In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to… |
| CVE-2024-5452 | Critical | 9.8 | 2024-06-06 | A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user in… |
| CVE-2023-43177 | Critical | 9.8 | 2023-11-18 | CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. |
| CVE-2023-4041 | Critical | 9.8 | 2023-08-23 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon… |
| CVE-2023-29199 | Critical | 9.8 | 2023-04-14 | There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleEx… |
| CVE-2022-44000 | Critical | 9.8 | 2022-11-16 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system comma… |
| CVE-2021-22387 | Critical | 9.8 | 2021-08-02 | There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow… |