
CVE-2024-13943 – Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-13943
30 Apr 2025 — Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. ... • https://www.zerodayinitiative.com/advisories/ZDI-25-262 • CWE-20: Improper Input Validation •

CVE-2024-6030 – Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-6030
30 Apr 2025 — Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. ... An attacker can leverage this vulnerability to bypass the iptables network sandbox. ... • https://www.zerodayinitiative.com/advisories/ZDI-25-263 • CWE-250: Execution with Unnecessary Privileges •

CVE-2025-4083 – firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
https://notcve.org/view.php?id=CVE-2025-4083
29 Apr 2025 — A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10. A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could all... • https://bugzilla.mozilla.org/show_bug.cgi?id=1958350 • CWE-653: Improper Isolation or Compartmentalization •

CVE-2023-42961
https://notcve.org/view.php?id=CVE-2023-42961
11 Apr 2025 — A sandboxed process may be able to circumvent sandbox restrictions. • https://support.apple.com/en-us/120328 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-3114 – Spotfire Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-3114
09 Apr 2025 — Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. ... • https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-693: Protection Mechanism Failure •

CVE-2025-31483 – Stored XSS in Miniflux Media Proxy due to improper Content-Security-Policy configuration
https://notcve.org/view.php?id=CVE-2025-31483
03 Apr 2025 — Due to a weak Content Security Policy on the /proxy/* route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed from default-src 'self' to default-src 'none'; form-action 'none'; sandbox;. ... • https://github.com/miniflux/v2/commit/cb695e653a08af4cabcb277c271ce74bd0c746e6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-24280 – Apple Security Advisory 03-31-2025-8
https://notcve.org/view.php?id=CVE-2025-24280
31 Mar 2025 — An access issue was addressed with additional sandbox restrictions. ... An app may be able to access user-sensitive data. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122373 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-24255 – Apple Security Advisory 03-31-2025-9
https://notcve.org/view.php?id=CVE-2025-24255
31 Mar 2025 — An app may be able to break out of its sandbox. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122373 • CWE-20: Improper Input Validation •

CVE-2024-54533 – Apple Security Advisory 03-31-2025-9
https://notcve.org/view.php?id=CVE-2024-54533
31 Mar 2025 — A permissions issue was addressed with additional sandbox restrictions. ... An app may be able to access sensitive user data. macOS Ventura 13.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122374 • CWE-284: Improper Access Control •

CVE-2025-30461 – Apple Security Advisory 03-31-2025-7
https://notcve.org/view.php?id=CVE-2025-30461
31 Mar 2025 — An access issue was addressed with additional sandbox restrictions on the system pasteboards. ... An app may be able to access protected user data. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122373 • CWE-862: Missing Authorization •