CVSS: 7.0EPSS: %CPEs: 1EXPL: 0CVE-2025-43853 – iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature
https://notcve.org/view.php?id=CVE-2025-43853
15 May 2025 — The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink following vulnerability. On WAMR running in Windows, creating a symlink pointing outside of the preopened directory and subsequently opening it with create flag will create a file on host outside of the sandbox.... • https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-8fc8-4g25-c8m7 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47775 – Bullfrog's DNS over TCP bypasses domain filtering
https://notcve.org/view.php?id=CVE-2025-47775
14 May 2025 — This can result in sandbox bypass. • https://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6030 – Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-6030
30 Apr 2025 — Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-25-263 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13943 – Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-13943
30 Apr 2025 — Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. • https://www.zerodayinitiative.com/advisories/ZDI-25-262 • CWE-20: Improper Input Validation •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2025-4083 – firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
https://notcve.org/view.php?id=CVE-2025-4083
29 Apr 2025 — A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. ... A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1958350 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 9.4EPSS: 0%CPEs: 11EXPL: 0CVE-2025-3114 – Spotfire Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-3114
09 Apr 2025 — Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. ... Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. • https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2025-2857
https://notcve.org/view.php?id=CVE-2025-2857
27 Mar 2025 — Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. • https://github.com/RimaRuer/CVE-2025-2857-Exploit •
CVSS: 8.3EPSS: 3%CPEs: 1EXPL: 3CVE-2025-2783 – Google Chromium Mojo Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2025-2783
26 Mar 2025 — Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. • https://github.com/raulchung/CVE-2025-2783 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1930 – firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process
https://notcve.org/view.php?id=CVE-2025-1930
04 Mar 2025 — This could have led to a sandbox escape. ... This could have led to a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902309 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0982 – Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine)
https://notcve.org/view.php?id=CVE-2025-0982
06 Feb 2025 — Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. • https://cloud.google.com/application-integration/docs/release-notes#January_23_2025 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •