CVE-2025-0982

CRITICAL Year: 2025
Weakness Type
CWE-829
View all →

Vulnerability Description

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed.

Related Vulnerabilities

CVE-2024-38537

NONE
CVSS:0.0(None)

Fides is an open-source privacy engineering platform. `fides.js`, a client-side script used to interact with the consent management features of Fides, used the `polyfill.io` domain in a very limited e...

CWE-8292024

CVE-2020-4561

CRITICAL
CVSS:10.0(Critical)

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write fil...

CWE-8292020

CVE-2004-0030

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modif...

CWE-8292004

CVE-2004-0285

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMV...

CWE-8292004

CVE-2010-2076

CRITICAL
CVSS:9.8(Critical)

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not p...

CWE-8292010

CVE-2012-4919

CRITICAL
CVSS:9.8(Critical)

Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

CWE-8292012