CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-7017
https://notcve.org/view.php?id=CVE-2024-7017
14 Nov 2025 — Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-13097
https://notcve.org/view.php?id=CVE-2025-13097
14 Nov 2025 — Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-13026 – Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
https://notcve.org/view.php?id=CVE-2025-13026
11 Nov 2025 — Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. • https://bugzilla.mozilla.org/show_bug.cgi?id=1994441 • CWE-703: Improper Check or Handling of Exceptional Conditions
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-13023 – Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
https://notcve.org/view.php?id=CVE-2025-13023
11 Nov 2025 — Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. • https://bugzilla.mozilla.org/show_bug.cgi?id=1992032 • CWE-703: Improper Check or Handling of Exceptional Conditions
CVSS: 5.9 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-12695 – Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
https://notcve.org/view.php?id=CVE-2025-12695
04 Nov 2025 — The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class. • https://research.jfrog.com/vulnerabilities/dspy-sandbox-escape-arbitrary-file-read-jfsa-2025-001495652 • CWE-653: Improper Isolation or Compartmentalization
CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-43412
https://notcve.org/view.php?id=CVE-2025-43412
04 Nov 2025 — A file quarantine bypass was addressed with additional checks. ... An app may be able to break out of its sandbox. • https://support.apple.com/en-us/125635 • CWE-284: Improper Access Control
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2025-34267 – Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages
https://notcve.org/view.php?id=CVE-2025-34267
14 Oct 2025 — Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. ... When the tool executes, the attacker-controlled executable/parameters are run on the host and circumvent the intended nodevm sandbox restrictions, resulting in execution of arbitrary code in the context ... • https://www.vulncheck.com/advisories/flowise-auth-command-execution-and-sandbox-bypass-via-puppeteer-and-playwright-packages • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-11206 – openSUSE Security Advisory - openSUSE-SU-2025:0388-1
https://notcve.org/view.php?id=CVE-2025-11206
02 Oct 2025 — Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html • CWE-122: Heap-based Buffer Overflow
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-11152 – Sandbox escape due to integer overflow in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2025-11152
30 Sep 2025 — Sandbox escape due to integer overflow in the Graphics: Canvas2D component. • https://bugzilla.mozilla.org/show_bug.cgi?id=1987246 • CWE-190: Integer Overflow or Wraparound
CVSS: 8.5 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-59845 – Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
https://notcve.org/view.php?id=CVE-2025-59845
26 Sep 2025 — Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. ... This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3. • https://github.com/apollographql/embeddable-explorer/security/advisories/GHSA-w87v-7w53-wwxv • CWE-346: Origin Validation Error • CWE-352: Cross-Site Request Forgery (CSRF)
