Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-913

CWE-913

Improper Control of Dynamically-Managed Code Resources

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

90 vulnerabilities with CWE-913

CVE-2026-47210 CRITICAL

vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass

CVE-2026-47208 CRITICAL

vm2: Sandbox Breakout Using Promise Species

CVE-2026-47137 CRITICAL

vm2 < 3.11.4 - Remote Code Execution via NodeVM Patch Bypass

CVE-2026-47131 CRITICAL

vm2: Sandbox Escape

CVE-2026-48700 CRITICAL

Lxqt PCManFM-Qt < 2.4.0 - Improper Control of Dynamically-Managed Code Resources

CVE-2026-44336 CRITICAL

PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection

CVE-2026-7381 CRITICAL

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting

CVE-2026-5251 MEDIUM

z-9527 admin User Update Endpoint user.js dynamically-determined object attributes

CVE-2026-5248 MEDIUM

gougucms User Registration Login.php reg_submit dynamically-determined object attributes

CVE-2026-34156 CRITICAL

NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

CVE-2026-33286 CRITICAL

Graphiti <1.10.2 - Arbitrary Method Execution

CVE-2026-25049 CRITICAL

n8n <1.123.17, <2.5.2 - Command Injection

CVE-2026-1770 MEDIUM

CrafterCMS 4.0.0-4.4.9 - Authenticated Remote Code Execution via Groovy Sandbox Bypass

CVE-2026-23830 CRITICAL

sandboxjs < 0.8.26 - Remote Code Execution via AsyncFunction Constructor Access

CVE-2026-22709 CRITICAL

NPM Vm2 < 3.10.2 - Code Injection

CVE-2025-69219 HIGH

apache-airflow-providers-http < 6.0.0 - Authenticated Remote Code Execution via Crafted Database Entry

CVE-2025-66398 CRITICAL

Signal K Server < 2.19.0 - Unauthenticated Remote Code Execution via Backup Validation Endpoint

CVE-2025-68613 CRITICAL KEV

n8n Workflow Expression Remote Code Execution

CVE-2025-14695 MEDIUM

SamuNatsu HaloBot - Remote Code Execution via HTML Renderer Action Manipulation

CVE-2025-13659 HIGH

Ivanti Endpoint Manager < 2024 SU4 SR1 - Unauthenticated Arbitrary File Write and Remote Code Execution

CVE-2025-13426 HIGH

Google Cloud Apigee hybrid Javacallout policy - Remote Code Execution via Malicious MessageContext Object Injection

CVE-2025-14085 MEDIUM

Youlaitech Youlai-mall 1.0.0/2.0.0 - Improper Control of Dynamicall...

CVE-2025-14051 MEDIUM

Youlaitech Youlai-mall 1.0.0/2.0.0 - Info Disclosure

CVE-2025-54065 HIGH

GZDoom <= 4.14.2 - Remote Code Execution via ZScript Actor State Handling

CVE-2025-26405 MEDIUM

Intel(R) NPU Drivers - Denial of Service via Ring 3 User Applications

Page 1 of 4 Next

Details

Vulnerabilities 90

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy