CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2025-43332
https://notcve.org/view.php?id=CVE-2025-43332
15 Sep 2025 — A file quarantine bypass was addressed with additional checks. ... An app may be able to break out of its sandbox. • https://support.apple.com/en-us/125112 •
CVSS: -EPSS: %CPEs: -EXPL: 0CVE-2025-43358
https://notcve.org/view.php?id=CVE-2025-43358
15 Sep 2025 — A permissions issue was addressed with additional sandbox restrictions. ... A shortcut may be able to bypass sandbox restrictions. • https://support.apple.com/en-us/125112 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-48543 – Android Runtime Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2025-48543
04 Sep 2025 — In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. ... Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation. • https://android.googlesource.com/platform/art/+/444fc40dfb04d2ec5f74c443ed3a4dd45d3131f2 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-9959 – Sandbox escape in smolagents Local Python execution environment via dunder attributes
https://notcve.org/view.php?id=CVE-2025-9959
03 Sep 2025 — Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. • https://research.jfrog.com/vulnerabilities/smolagents-local-python-sandbox-escape-jfsa-2025-001434277 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2025-9185 – thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
https://notcve.org/view.php?id=CVE-2025-9185
19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-9181 – thunderbird: firefox: Uninitialized memory in the JavaScript Engine component
https://notcve.org/view.php?id=CVE-2025-9181
19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1977130 • CWE-457: Use of Uninitialized Variable CWE-665: Improper Initialization •
CVSS: 9.4EPSS: 0%CPEs: 9EXPL: 0CVE-2025-9180 – thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2025-9180
19 Aug 2025 — 'Same-origin policy bypass in the Graphics: Canvas2D component.' ... The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Graphics: Canvas2D component. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979782 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2025-9179 – thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
https://notcve.org/view.php?id=CVE-2025-9179
19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979527 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2025-54782 – @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
https://notcve.org/view.php?id=CVE-2025-54782
01 Aug 2025 — When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). ... One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. • https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-34146 – nyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS
https://notcve.org/view.php?id=CVE-2025-34146
31 Jul 2025 — The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned. • https://github.com/nyariv/SandboxJS/issues/31 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •