Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
IEEE

Llm-Fuzz: Adaptive, Structure-Aware Fuzzing of Javascript Engines with Large Language Models

Abstract: Fuzzing modern JavaScript (JS) engines remains challenging due to the semantic complexity required to explore deep program states and advanced components such as Just-InTime (JIT) compilers.
GitHub

Javenode is Java + V8 + Node.js. It is a Node.js simulator with Java in V8.

Javenode is an extension of Javet (Java + V8). It aims at simulating Node.js with Java in Javet V8 mode. Why? Because Javet V8 mode is much more secure than the Node.js mode, but lacks of some basic ...
IEEE

BCFuzz: Bytecode-Driven Fuzzing for JavaScript Engines

Abstract: The interpreter and the Just-In-Time (JIT) compiler are two core components of modern JavaScript engines, both of which take bytecodes as input. Most bugs in these components are closely ...