CVSS: 10.0EPSS: %CPEs: 1EXPL: 0CVE-2025-6558
https://notcve.org/view.php?id=CVE-2025-6558
15 Jul 2025 — Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53626 – pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation
https://notcve.org/view.php?id=CVE-2025-53626
10 Jul 2025 — The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. • https://github.com/pdfme/pdfme/commit/0dd54739acff2c249ed68c001a896bee38f0fd85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53372 – node-code-sandbox-mcp has a Sandbox Escape via Command Injection
https://notcve.org/view.php?id=CVE-2025-53372
08 Jul 2025 — node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges o... • https://github.com/alfonsograziano/node-code-sandbox-mcp/commit/e461a74ecb189b268daac0d972c467b49b2abdd2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6384 – Improper Control of Dynamically-Managed Code Resources in Crafter Studio
https://notcve.org/view.php?id=CVE-2025-6384
19 Jun 2025 — Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. • https://docs.craftercms.org/current/security/advisory.html#cv-2025061901 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49131 – FastGPT Sandbox Vulnerable to Sandbox Bypass
https://notcve.org/view.php?id=CVE-2025-49131
09 Jun 2025 — FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sa... • https://github.com/labring/FastGPT/commit/bb810a43a1c70683fab7f5fe993771e930a94426 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48950 – MaxKB Python Sandbox Bypass in Function Library
https://notcve.org/view.php?id=CVE-2025-48950
03 Jun 2025 — MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue. • https://github.com/1Panel-dev/MaxKB/commit/187e9c1e4ea1ebb6864c5bf61558c42f2fc6c005 • CWE-276: Incorrect Default Permissions •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43853 – iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature
https://notcve.org/view.php?id=CVE-2025-43853
15 May 2025 — The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink following vulnerability. On WAMR running in Windows, creating a symlink pointing outside of the preopened directory and subsequently opening it with create flag will create a file on host outside of the sandbox.... • https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-8fc8-4g25-c8m7 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47775 – Bullfrog's DNS over TCP bypasses domain filtering
https://notcve.org/view.php?id=CVE-2025-47775
14 May 2025 — This can result in sandbox bypass. • https://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13943 – Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-13943
30 Apr 2025 — Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-25-262 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6030 – Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-6030
30 Apr 2025 — Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-25-263 • CWE-250: Execution with Unnecessary Privileges •