CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-13632
https://notcve.org/view.php?id=CVE-2025-13632
02 Dec 2025 — Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html • CWE-194: Unexpected Sign Extension •
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-66299 – Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS
https://notcve.org/view.php?id=CVE-2025-66299
01 Dec 2025 — Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor... • https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-66294 – Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass
https://notcve.org/view.php?id=CVE-2025-66294
01 Dec 2025 — Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by unauthenticated attackers. This vulnerability stems from weak regex validation in the cleanDangerousTwig method. This vulnerability is fixed in 1.8.0-beta.27. • https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-7017
https://notcve.org/view.php?id=CVE-2024-7017
14 Nov 2025 — Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-13097
https://notcve.org/view.php?id=CVE-2025-13097
14 Nov 2025 — Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-13026 – Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
https://notcve.org/view.php?id=CVE-2025-13026
11 Nov 2025 — Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. • https://bugzilla.mozilla.org/show_bug.cgi?id=1994441 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-13023 – Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component
https://notcve.org/view.php?id=CVE-2025-13023
11 Nov 2025 — Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. • https://bugzilla.mozilla.org/show_bug.cgi?id=1992032 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.9 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-12695 – Insecure configuration in DSPy leads to arbitrary file read when running untrusted code inside the sandbox
https://notcve.org/view.php?id=CVE-2025-12695
04 Nov 2025 — The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class. • https://research.jfrog.com/vulnerabilities/dspy-sandbox-escape-arbitrary-file-read-jfsa-2025-001495652 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-12380 – Use-after-free in WebGPU internals triggered from a compromised child process
https://notcve.org/view.php?id=CVE-2025-12380
28 Oct 2025 — This may have been usable to escape the child process sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1993113 • CWE-416: Use After Free •
CVSS: 7.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-62525 – OpenWrt vulnerable to local privilege escalation
https://notcve.org/view.php?id=CVE-2025-62525
22 Oct 2025 — This vulnerability could allow attackers to escape a ujail sandbox or other containers. • https://github.com/openwrt/openwrt/commit/2a76abc5442e3f74d95b4caa9bb57e5488fc132e • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
