CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-62583
https://notcve.org/view.php?id=CVE-2025-62583
16 Oct 2025 — Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment. • https://cve.naver.com/detail/cve-2025-62583.html • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2025-34267 – Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages
https://notcve.org/view.php?id=CVE-2025-34267
14 Oct 2025 — Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. ... When the tool executes, the attacker-controlled executable/parameters are run on the host and circumvent the intended nodevm sandbox restrictions, resulting in execution of arbitrary code in the context of the ... • https://www.vulncheck.com/advisories/flowise-auth-command-execution-and-sandbox-bypass-via-puppeteer-and-playwright-packages • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-11206 – openSUSE Security Advisory - openSUSE-SU-2025:0388-1
https://notcve.org/view.php?id=CVE-2025-11206
02 Oct 2025 — Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-11152 – Sandbox escape due to integer overflow in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2025-11152
30 Sep 2025 — Sandbox escape due to integer overflow in the Graphics: Canvas2D component. • https://bugzilla.mozilla.org/show_bug.cgi?id=1987246 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-59532 – Codex has sandbox bypass due to bug in path configuration logic
https://notcve.org/view.php?id=CVE-2025-59532
22 Sep 2025 — In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enabled arbitrary file writes and command execution where the Codex process has permissions - this did not impact the network-disabled sandbox restriction. This issue has been patched in Codex CLI 0.39.0 t... • https://github.com/openai/codex/commit/8595237505a1e0faabc2af3db805b66ce3ae182d • CWE-20: Improper Input Validation •
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-59340 – jinjava Sandbox Bypass via JavaType-Based Deserialization
https://notcve.org/view.php?id=CVE-2025-59340
17 Sep 2025 — As a result, an attacker can escape the sandbox and instantiate classes such as java.net.URL, opening up the ability to access local files and URLs (e.g., file:///etc/passwd). • https://github.com/HubSpot/jinjava/commit/66df351e7e8ad71ca04dcacb4b65782af820b8b1 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 7.6 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-10528 – Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2025-10528
16 Sep 2025 — Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. ... The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to undefined behavior, invalid pointer in the Graphics. • https://bugzilla.mozilla.org/show_bug.cgi?id=1986185 • CWE-693: Protection Mechanism Failure • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.6 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-10527 – Sandbox escape due to use-after-free in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2025-10527
16 Sep 2025 — Sandbox escape due to use-after-free in the Graphics: Canvas2D component. ... The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Graphics. • https://bugzilla.mozilla.org/show_bug.cgi?id=1984825 • CWE-416: Use After Free •
CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-48543 – Android Runtime Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2025-48543
04 Sep 2025 — In multiple locations, there is a possible way to escape the Chrome sandbox to attack Android system_server due to a use after free. ... Android Runtime contains a use-after-free vulnerability potentially allowing a Chrome sandbox escape leading to local privilege escalation. • https://android.googlesource.com/platform/art/+/444fc40dfb04d2ec5f74c443ed3a4dd45d3131f2 • CWE-416: Use After Free •
CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-9959 – Sandbox escape in smolagents Local Python execution environment via dunder attributes
https://notcve.org/view.php?id=CVE-2025-9959
03 Sep 2025 — Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. • https://research.jfrog.com/vulnerabilities/smolagents-local-python-sandbox-escape-jfsa-2025-001434277 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
