Node.js

The WebAssembly Flaw That Shatters vm2 Isolation and Grants Host Access vm2 sandbox escape CVE-2026-26956 Smartphone Vulnerabilities

vm2 sandbox escape CVE-2026-26956 Smartphone Vulnerabilities

The WebAssembly Flaw That Shatters vm2 Isolation and Grants Host Access

Do Son May 8, 2026

A critical vulnerability within the widely adopted vm2 library for Node.js has jeopardized services that execute third-party...

The Schema Poisoning: How a 9.4-Severity RCE Vulnerability in Protobuf.js Hijacks Node.js Servers Protobuf.js RCE vulnerability

Protobuf.js RCE vulnerability

The Schema Poisoning: How a 9.4-Severity RCE Vulnerability in Protobuf.js Hijacks Node.js Servers

Do Son April 21, 2026

An innocuous data description file can precipitously metamorphose into a vehicle for server hijacking. Security specialists at...

Critical (CVSS 9.9): Samlify Flaw Allows Unauthenticated SSO Bypass Operation CACTUS Vulnerability Samlify vulnerability

Operation CACTUS Vulnerability Samlify vulnerability

Critical (CVSS 9.9): Samlify Flaw Allows Unauthenticated SSO Bypass

Do Son May 23, 2025

A critical vulnerability has been discovered in Samlify, a library designed to integrate SAML authentication into Node.js...