The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
CSO Online

Critical Cursor bug could turn routine Git into RCE

A flaw in Cursor’s AI agent lets malicious repositories trigger arbitrary code execution through routine Git operations, now ...
The Hacker News

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.
Bleeping Computer

R language flaw allows code execution via RDS/RDX files

A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. R is an open-source programming ...
Dark Reading

What You Need to Know About Arbitrary Code Execution Vulnerabilities

They're serious. Notices about arbitrary code execution (ACE) vulnerabilities appear just about every week in alerts from US-CERT — the United States Computer Emergency Readiness Team, a part of the ...