
CVE-2025-9185 – Debian Security Advisory 5980-1
https://notcve.org/view.php?id=CVE-2025-9185
19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-9181 – Debian Security Advisory 5980-1
https://notcve.org/view.php?id=CVE-2025-9181
19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1977130 • CWE-457: Use of Uninitialized Variable •

CVE-2025-9180 – Debian Security Advisory 5980-1
https://notcve.org/view.php?id=CVE-2025-9180
19 Aug 2025 — 'Same-origin policy bypass in the Graphics: Canvas2D component.' ... Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979782 • CWE-346: Origin Validation Error •

CVE-2025-9179 – Debian Security Advisory 5980-1
https://notcve.org/view.php?id=CVE-2025-9179
19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979527 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-54782 – @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
https://notcve.org/view.php?id=CVE-2025-54782
01 Aug 2025 — When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). ... One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. • https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-34146 – nyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS
https://notcve.org/view.php?id=CVE-2025-34146
31 Jul 2025 — The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned. • https://github.com/nyariv/SandboxJS/issues/31 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2025-41688 – High Privilege RCE via LUA Sandbox Escape
https://notcve.org/view.php?id=CVE-2025-41688
31 Jul 2025 — A high-privileged remote attacker can execute arbitrary OS commands using an undocumented method that allows escaping the implemented LUA sandbox. • https://certvde.com/de/advisories/VDE-2025-065 • CWE-653: Improper Isolation or Compartmentalization •

CVE-2025-43270 – Apple Security Advisory 07-29-2025-5
https://notcve.org/view.php?id=CVE-2025-43270
29 Jul 2025 — An access issue was addressed with additional sandbox restrictions. ... An app may be able to gain unauthorized access to the local network. macOS Sequoia 15.6 addresses bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/124149 • CWE-284: Improper Access Control •

CVE-2025-43266 – Apple Security Advisory 07-29-2025-5
https://notcve.org/view.php?id=CVE-2025-43266
29 Jul 2025 — An app may be able to break out of its sandbox. ... macOS Sequoia 15.6 addresses bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/124149 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-43250 – Apple Security Advisory 07-29-2025-5
https://notcve.org/view.php?id=CVE-2025-43250
29 Jul 2025 — An app may be able to break out of its sandbox. ... macOS Sequoia 15.6 addresses bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/124149 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •