CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-14372 – openSUSE Security Advisory - openSUSE-SU-2025-20161-1
https://notcve.org/view.php?id=CVE-2025-14372
12 Dec 2025 — Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-66419 – MaxKB vulnerable to privilege escalation through sandbox bypass
https://notcve.org/view.php?id=CVE-2025-66419
11 Dec 2025 — MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0. • https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-64721 – Sandboxie's Integer Overflow in SbieIniServer::RC4Crypt allows sandbox escape and SYSTEM compromise
https://notcve.org/view.php?id=CVE-2025-64721
11 Dec 2025 — Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled value_len without overflow checking. A large value_len (e.g., 0xFFFFFFF0) wraps the allocation size, causing a heap overflow when attacker data is copied into the undersized buffer. This allows sandboxed processes to execut... • https://github.com/sandboxie-plus/Sandboxie/commit/000492f8c411d24292f1b977a107994347bc7dfa • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14333 – Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146
https://notcve.org/view.php?id=CVE-2025-14333
09 Dec 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1966501%2C1997639 •
CVSS: 6.5 • EPSS: 0% • CPEs: 10 • EXPL: 0 • CVE-2025-14331 – Same-origin policy bypass in the Request Handling component
https://notcve.org/view.php?id=CVE-2025-14331
09 Dec 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=2000218 • CWE-346: Origin Validation Error •
CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14330 – JIT miscompilation in the JavaScript Engine: JIT component
https://notcve.org/view.php?id=CVE-2025-14330
09 Dec 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1997503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-686: Function Call With Incorrect Argument Type • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14329 – Privilege escalation in the Netmonitor component
https://notcve.org/view.php?id=CVE-2025-14329
09 Dec 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1997018 •
CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14328 – Privilege escalation in the Netmonitor component
https://notcve.org/view.php?id=CVE-2025-14328
09 Dec 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1996761 •
CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0 • CVE-2025-14325 – JIT miscompilation in the JavaScript Engine: JIT component
https://notcve.org/view.php?id=CVE-2025-14325
09 Dec 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1998050 •
CVSS: 10.0 • EPSS: 0% • CPEs: 10 • EXPL: 0 • CVE-2025-14324 – JIT miscompilation in the JavaScript Engine: JIT component
https://notcve.org/view.php?id=CVE-2025-14324
09 Dec 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. • https://bugzilla.mozilla.org/show_bug.cgi?id=1996840 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
