654 results (0.006 seconds)

CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0

19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1977130 • CWE-457: Use of Uninitialized Variable CWE-665: Improper Initialization •

CVSS: 9.4EPSS: 0%CPEs: 9EXPL: 0

19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979782 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error •

CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0

19 Aug 2025 — Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979527 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0

01 Aug 2025 — When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). ... One of these endpoints, /inspector/graph/interact, accepts JSON input containing a code field and executes the provided code in a Node.js vm.runInNewContext sandbox. • https://github.com/JLLeitschuh/nestjs-devtools-integration-rce-poc • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

31 Jul 2025 — This can result in a denial-of-service (DoS) condition or, under certain conditions, escape the sandboxed environment intended to restrict code execution. The vulnerability stems from insufficient prototype access checks in the sandbox’s executor logic, particularly in the handling of JavaScript function objects returned. • https://github.com/nyariv/SandboxJS/issues/31 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0

31 Jul 2025 — A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox. • https://certvde.com/de/advisories/VDE-2025-065 • CWE-653: Improper Isolation or Compartmentalization •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

27 Jul 2025 — A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). ... Se identificó una vulnerabilidad de escape del entorno de pruebas en la versión 1.14.0 de huggingface/smolagents, que permite a los atacantes eludir el entorno de ejecución restringido y lograr la ejecución remota de código (RCE). • https://github.com/huggingface/smolagents/commit/33a942e62b6fbf6a35d41f1c735bda2d64c163d0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

17 Jul 2025 — Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. • https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

15 Jul 2025 — Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. ... This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://github.com/allinsthon/CVE-2025-6558-exp • CWE-76: Improper Neutralization of Equivalent Special Elements •