CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6384 – Improper Control of Dynamically-Managed Code Resources in Crafter Studio
https://notcve.org/view.php?id=CVE-2025-6384
19 Jun 2025 — Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). • https://docs.craftercms.org/current/security/advisory.html#cv-2025061901 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49131 – FastGPT Sandbox Vulnerable to Sandbox Bypass
https://notcve.org/view.php?id=CVE-2025-49131
09 Jun 2025 — The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. ... El contenedor de la Sandbox (fastgpt-sandbox) es un entorno aislado especi... • https://github.com/labring/FastGPT/pkgs/container/fastgpt-sandbox • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48950 – MaxKB Python Sandbox Bypass in Function Library
https://notcve.org/view.php?id=CVE-2025-48950
03 Jun 2025 — Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. • https://github.com/1Panel-dev/MaxKB/commit/187e9c1e4ea1ebb6864c5bf61558c42f2fc6c005 • CWE-276: Incorrect Default Permissions •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43853 – iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature
https://notcve.org/view.php?id=CVE-2025-43853
15 May 2025 — On WAMR running in Windows, creating a symlink pointing outside of the preopened directory and subsequently opening it with create flag will create a file on host outside of the sandbox. • https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-8fc8-4g25-c8m7 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47775 – Bullfrog's DNS over TCP bypasses domain filtering
https://notcve.org/view.php?id=CVE-2025-47775
14 May 2025 — This can result in sandbox bypass. • https://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13943 – Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-13943
30 Apr 2025 — Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. ... This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. • https://www.zerodayinitiative.com/advisories/ZDI-25-262 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6030 – Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-6030
30 Apr 2025 — Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. ... An attacker can leverage this vulnerability to bypass the iptables network sandbox. ... This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. ... An attacker can leverage this vulnerability to bypass the iptables network sandbox. • https://www.zerodayinitiative.com/advisories/ZDI-25-263 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2025-4083 – firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
https://notcve.org/view.php?id=CVE-2025-4083
29 Apr 2025 — A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. ... A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape
CVSS: 9.4EPSS: 0%CPEs: 11EXPL: 0CVE-2025-3114 – Spotfire Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-3114
09 Apr 2025 — Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. ... Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. • https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-april-08-2025-spotfire-cve-2025-3114-r3484 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2025-2857 – openSUSE Security Advisory - openSUSE-SU-2025:14958-1
https://notcve.org/view.php?id=CVE-2025-2857
27 Mar 2025 — Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. • https://github.com/RimaRuer/CVE-2025-2857-Exploit •