Security Vulnerabilities
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-05-04
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-05-04
Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-05-04
Memory corruption when another driver calls an IOCTL with invalid input/output buffer.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-05-04
Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0.
CVSS Score
9.8
EPSS Score
0.002
Published
2026-05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.10.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0.
CVSS Score
9.8
EPSS Score
0.002
Published
2026-05-04
Transient DOS when processing target power rate tables during channel configuration.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-04
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-04