Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

patriksimek — Vulnerabilities & Security Advisories 37

Browse all 37 CVE security advisories affecting patriksimek. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Patriksimek develops security tools and research, primarily focusing on vulnerability discovery and exploitation frameworks. Historically, their work has frequently involved remote code execution, cross-site scripting, and privilege escalation vulnerabilities across multiple platforms. Notable characteristics include contributions to penetration testing tools and disclosure of critical flaws in widely-used software. While no major security incidents directly attributed to patriksimek have been widely documented, their CVE record demonstrates consistent findings in high-impact vulnerabilities, particularly affecting web applications and system components. Their research often emphasizes practical exploitation techniques, making their findings relevant for both defensive security measures and penetration testing methodologies.

Top products by patriksimek: vm2
CVE IDTitleCVSSSeverityPublished
CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data — vm2CWE-668--2026-06-12
CVE-2026-47210 vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass — vm2CWE-913 9.8 Critical2026-06-12
CVE-2026-47208 vm2: Sandbox Breakout Using Promise Species — vm2CWE-913 10.0 Critical2026-06-12
CVE-2026-47140 vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution — vm2CWE-693 10.0 Critical2026-06-12
CVE-2026-47139 vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server — vm2CWE-693 8.6 High2026-06-12
CVE-2026-47137 vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE — vm2CWE-913 10.0 Critical2026-06-12
CVE-2026-47135 vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks — vm2CWE-693 8.7 High2026-06-12
CVE-2026-47131 vm2: Sandbox Escape — vm2CWE-913 10.0 Critical2026-06-12
CVE-2026-47209 vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain — vm2CWE-693 8.6 High2026-06-12
CVE-2026-44005 vm2: Sandbox escape — vm2CWE-1321 10.0 Critical2026-05-13
CVE-2026-45411 vm2: Sandbox Breakout Using Async Generator — vm2CWE-668 9.8 Critical2026-05-13
CVE-2026-44009 vm2: Sandbox Breakout Through Null Proto Exception — vm2CWE-668 9.8 Critical2026-05-13
CVE-2026-44008 vm2: Snabox breakout via `neutralizeArraySpeciesBatch` — vm2CWE-668 9.8 Critical2026-05-13
CVE-2026-44007 vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS command execution — vm2CWE-284 9.1 Critical2026-05-13
CVE-2026-44006 vm2: Sandbox Escape — vm2CWE-94 10.0 Critical2026-05-13
CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass) — vm2CWE-770 7.5 High2026-05-13
CVE-2026-44003 vm2: Transformer Fast-Path Bypass Exposes Internal State Variable — vm2CWE-693 5.3 Medium2026-05-13
CVE-2026-44002 vm2: Host File Path Disclosure via Stack Trace Information Leak — vm2CWE-209 5.8 Medium2026-05-13
CVE-2026-44001 vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) — vm2CWE-248 8.6 High2026-05-13
CVE-2026-44000 vm2: sandbox boundary bypass via host Promise resolution preserving host object identity — vm2CWE-693 6.5 Medium2026-05-13
CVE-2026-43999 vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox escape — vm2CWE-863 9.9 Critical2026-05-13
CVE-2026-43998 vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape — vm2CWE-59 8.5 High2026-05-13
CVE-2026-43997 vm2: Sandbox Escape — vm2CWE-94 10.0 Critical2026-05-13
CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only) — vm2CWE-693 9.8 Critical2026-05-04
CVE-2026-26332 vm2: Sandbox Escape — vm2CWE-94 9.8 Critical2026-05-04
CVE-2026-24781 vm2: Sandbox Breakout Through Inspect — vm2CWE-94 9.8 Critical2026-05-04
CVE-2026-24120 vm2: Sandbox Breakout Through Promise Species — vm2CWE-693 9.8 Critical2026-05-04
CVE-2026-24118 VM2 Sandbox Breakout Through __lookupGetter__ — vm2CWE-94 9.8 Critical2026-05-04
CVE-2026-22709 vm2 has a Sandbox Escape — vm2CWE-94 9.8 Critical2026-01-26
CVE-2023-37903 Sandbox Escape in vm2 — vm2CWE-78 9.8 Critical2023-07-21

This page lists every published CVE security advisory associated with patriksimek. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.