至顶头条 on MSN
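vm2 library sandbox escape vulnerability creates arbitrary code execution risk
The popular Node.js library vm2 has been found to contain a critical sandbox escape vulnerability, CVE-2026-22709, with a CVSS score of 9.8. The vulnerability stems from improper sanitization of Promise handlers; an attacker can exploit it to escape the sandbox and execute arbitrary code on the underlying operating system. The vulnerability is fixed in version 3.10.2, but it is one of a series of sandbox escape vulnerabilities the library has suffered in recent years. The maintainers advise users to update promptly and to consider safer alternatives such as isolated-vm.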
A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
Bangladeshi workers were lured to Russia under the false promise of civilian work and then forced to fight in the Ukraine war ...
Powell's layoffs are "part of its current growth strategy and effort to align operating costs with business realities." ...
A pilot program serving Medicaid patients in North Carolina showed promise. But funding has dried up, leading to layoffs.
A year into President Donald Trump’s second term, American energy dominance has advanced as promised, confirmed by affordable power and reliable energy, and seen in the ...
In October 2025, Trump talked to Treasury Secretary Scott Bessent about establishing a “Ukraine victory fund.” The U.S.
The Liberty High girls basketball team is in its first season under new coach Kris Bunch and is showing promise with a ...
The first major update in nearly 10 years, jQuery 4.0.0 follows a long development cycle and several pre-releases.
This article originally appeared on Inside Climate News, a nonprofit, non-partisan news organization that covers climate, ...
President Donald Trump has made lots of promises during the first year of his second term in the White House. Some ideas have ...