CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2025-54782 – @nestjs/devtools-integration's CSRF to Sandbox Escape Allows for RCE against JS Developers
https://notcve.org/view.php?id=CVE-2025-54782
01 Aug 2025 — When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). ... One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. • https://github.com/nestjs/nest/security/advisories/GHSA-85cg-cmq5-qjm7 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-34146 – nyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS
https://notcve.org/view.php?id=CVE-2025-34146
31 Jul 2025 — This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environment intended to restrict code execution. The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned. • https://github.com/nyariv/SandboxJS/issues/31 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-41688 – High Privilege RCE via LUA Sandbox Escape
https://notcve.org/view.php?id=CVE-2025-41688
31 Jul 2025 — A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox. • https://certvde.com/de/advisories/VDE-2025-065 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5120 – Sandbox Escape Vulnerability in huggingface/smolagents
https://notcve.org/view.php?id=CVE-2025-5120
27 Jul 2025 — A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). • https://huntr.com/bounties/63ab1cfe-b573-4cf5-a7d3-fb6c957e34b0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53927 – MaxKB sandbox bypass
https://notcve.org/view.php?id=CVE-2025-53927
17 Jul 2025 — Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. • https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2025-6558 – Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2025-6558
15 Jul 2025 — Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. ... This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://github.com/allinsthon/CVE-2025-6558-exp •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53626 – pdfme has Sandbox Escape and Prototype Pollution vulnerabilities in pdfme expression evaluation
https://notcve.org/view.php?id=CVE-2025-53626
10 Jul 2025 — The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. • https://github.com/pdfme/pdfme/commit/0dd54739acff2c249ed68c001a896bee38f0fd85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53372 – node-code-sandbox-mcp has a Sandbox Escape via Command Injection
https://notcve.org/view.php?id=CVE-2025-53372
08 Jul 2025 — node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. ... Successful exploitation can lead to remote code execution under the server process's privileges on the host machine, bypassing the sandbox protection of running code inside docker. • https://github.com/alfonsograziano/node-code-sandbox-mcp/commit/e461a74ecb189b268daac0d972c467b49b2abdd2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6384 – Improper Control of Dynamically-Managed Code Resources in Crafter Studio
https://notcve.org/view.php?id=CVE-2025-6384
19 Jun 2025 — Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). • https://docs.craftercms.org/current/security/advisory.html#cv-2025061901 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49131 – FastGPT Sandbox Vulnerable to Sandbox Bypass
https://notcve.org/view.php?id=CVE-2025-49131
09 Jun 2025 — The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. ... El contenedor de la Sandbox (fastgpt-sandbox) es un entorno aislado especi... • https://github.com/labring/FastGPT/pkgs/container/fastgpt-sandbox • CWE-732: Incorrect Permission Assignment for Critical Resource •