Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
GitHub

cve-2026-34197

CVE-2026-34197: Apache ActiveMQ Classic RCE via Jolokia API (CVSS 8.8). Python & Nmap NSE detection scripts. A 13-year-old vulnerability allows remote code execution through the addNetworkConnector ...
GitHub

cve-2026-39987

CVE-2026-39987: Marimo Python Notebook Pre-Auth RCE (CVSS 9.3). Python & Nmap NSE detection scripts. Missing authentication on /terminal/ws WebSocket endpoint gives attackers a full PTY shell without ...