Content security policy bypass in Google Chrome prior to version 147.0.7727.55 allows remote attackers to bypass CSP protections via ServiceWorker policy manipulation when users interact with crafted HTML pages. The vulnerability requires user interaction (UI:R in CVSS) and results in integrity impact only; EPSS exploitation probability is minimal at 0.02%, and Chromium rates the security severity as low despite the policy bypass nature.
Sandbox escape in SandboxJS npm package allows unauthenticated remote attackers to mutate host JavaScript global objects (Math, JSON, etc.) and persist malicious code across sandbox instances. The vulnerability bypasses intended global-write protections by exploiting an exposed constructor callable path (this.constructor.call), enabling arbitrary property injection into host runtime globals. Exploitation probability is HIGH (EPSS not available for recent CVE), with publicly available exploit code demonstrating both immediate host contamination and cross-execution persistence. Critical impact: attacker-controlled globals can hijack application control flow when host code consumes mutated built-ins, escalating to arbitrary command execution when chained with application sinks like execSync().
Critical sandbox escape in praisonaiagents Python library allows remote unauthenticated attackers to execute arbitrary OS commands by exploiting a type-checking flaw in the _safe_getattr wrapper. The vulnerability affects pkg:pip/praisonaiagents and carries a maximum CVSS 10.0 score with network attack vector, no authentication required, and changed scope impact. Deployments using default autonomous modes (PRAISONAI_AUTO_APPROVE=true) execute attacker code silently without human confirmation, enabling indirect prompt injection attacks against AI agent pipelines. Publicly available exploit code exists with working proof-of-concept demonstrating full OS command execution via subprocess.Popen access.
Information disclosure in Google Chrome's WebUSB implementation prior to version 146.0.7680.178 allows remote attackers to extract sensitive data from process memory by delivering a crafted HTML page, exploiting insufficient policy enforcement in the WebUSB API. The vulnerability affects all Chrome versions before 146.0.7680.178 across all platforms. No public exploit code or active exploitation has been confirmed at the time of this analysis.
Remote code execution is possible in vLLM inference and serving engine versions 0.10.1 through 0.17.x due to hardcoded trust_remote_code=True settings in two model implementation files that override users' explicit --trust-remote-code=False security configuration. Attackers can exploit this by hosting malicious model repositories that execute arbitrary code when loaded by vLLM, even when users have intentionally disabled remote code trust for security. Version 0.18.0 patches this vulnerability, with no public exploit identified at time of analysis and a CVSS score of 8.8 requiring user interaction to trigger.
An access control vulnerability in macOS allows applications to connect to network shares without explicit user consent, bypassing the sandbox restrictions designed to prevent unauthorized network access. This affects macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4, where a malicious or compromised application could silently establish connections to network resources. Apple has addressed this issue through additional sandbox restrictions in the specified patch versions; no public exploit code or active exploitation via KEV has been reported, but the nature of the vulnerability suggests moderate real-world risk due to the ease with which local applications could abuse this capability.
This vulnerability allows attackers to bypass Content Security Policy (CSP) enforcement in Apple's WebKit engine through maliciously crafted web content, affecting Safari and all Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability stems from improper state management during web content processing, enabling attackers to circumvent a critical security control that prevents injection attacks and unauthorized script execution. While no CVSS score or EPSS data is currently available, the broad platform impact across Apple's entire ecosystem and the fundamental nature of CSP bypass as an information disclosure vector indicate significant real-world risk.
A security vulnerability in the Community Tier of Harden-Runner (CVSS 4.9). Remediation should follow standard vulnerability management procedures.
A remote code execution vulnerability in the Community Tier of Harden-Runner (CVSS 2.7). Remediation should follow standard vulnerability management procedures.
A security vulnerability in HCL AION (CVSS 4.7). Remediation should follow standard vulnerability management procedures.