CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2857
https://notcve.org/view.php?id=CVE-2025-2857
27 Mar 2025 — Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. • https://bugzilla.mozilla.org/show_bug.cgi?id=1956398 •
CVSS: 8.3EPSS: 9%CPEs: 1EXPL: 1CVE-2025-2783 – Google Chromium Mojo Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2025-2783
26 Mar 2025 — Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. • https://github.com/raulchung/CVE-2025-2783 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1930 – firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process
https://notcve.org/view.php?id=CVE-2025-1930
04 Mar 2025 — This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. ... This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1902309 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0982 – Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine)
https://notcve.org/view.php?id=CVE-2025-0982
06 Feb 2025 — Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. • https://cloud.google.com/application-integration/docs/release-notes#January_23_2025 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24116 – Apple Security Advisory 01-27-2025-6
https://notcve.org/view.php?id=CVE-2025-24116
27 Jan 2025 — An access issue was addressed with additional sandbox restrictions. ... An app may be able to bypass Privacy preferences. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122068 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24115 – Apple Security Advisory 01-27-2025-6
https://notcve.org/view.php?id=CVE-2025-24115
27 Jan 2025 — An app may be able to read files outside of its sandbox. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122068 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24108 – Apple Security Advisory 01-27-2025-4
https://notcve.org/view.php?id=CVE-2025-24108
27 Jan 2025 — An access issue was addressed with additional sandbox restrictions. ... An app may be able to access protected user data. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122068 • CWE-862: Missing Authorization •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24359 – ASTEVAL Vulnerable to Maliciously Crafted Format Strings Leading to Sandbox Escape
https://notcve.org/view.php?id=CVE-2025-24359
24 Jan 2025 — Prior to version 1.0.6, if an attacker can control the input to the `asteval` library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. • https://github.com/lmfit/asteval/blob/cfb57f0beebe0dc0520a1fbabc35e66060c7ea71/asteval/asteval.py#L507 • CWE-134: Use of Externally-Controlled Format String CWE-749: Exposed Dangerous Method or Function •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54514 – Apple Security Advisory 12-11-2024-5
https://notcve.org/view.php?id=CVE-2024-54514
11 Dec 2024 — An app may be able to break out of its sandbox. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121837 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-54529 – Apple Security Advisory 12-11-2024-5
https://notcve.org/view.php?id=CVE-2024-54529
11 Dec 2024 — MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. • https://packetstorm.news/files/id/188787 • CWE-94: Improper Control of Generation of Code ('Code Injection') •