CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiGetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write t...

7.8CVSS6.7AI score0.00084EPSS

Exploits1References1

RedhatCVE•added 2025/05/24 1:19 p.m.•10 views

CVE-2025-46713

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, APISETSECUREPARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requeste...

7.8CVSS7.4AI score0.00084EPSS

Exploits1References1

NVD•added 2025/05/22 5:15 p.m.•8 views

CVE-2025-46716

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiSetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read...

5.5CVSS0.00089EPSS

Exploits1References1

CVE•added 2025/05/22 4:50 p.m.•47 views

CVE-2025-46716

CVE-2025-46716 affects Sandboxie (Sandboxie or Sandboxie-plus) for Windows. The issue is in Api_SetSecureParam, which prior to v1.15.12 fails to sanitize incoming pointers and implicitly trusts the user-supplied pointer. As a result, SetRegValue can read an arbitrary address (potentially a kernel...

5.5CVSS5.4AI score0.00089EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2025/05/22 12:23 p.m.•6 views

CVE-2025-46713 Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_SET_SECURE_PARAM)

7.8CVSS7.9AI score0.00084EPSS

Exploits1References1

CNNVD•added 2025/05/22 12:0 a.m.•1 views

Sandboxie 缓冲区错误漏洞

Sandboxie is sandboxie-plus open source sandbox-based isolation software. A buffer error vulnerability exists in Sandboxie versions prior to 1.3.0 through 1.15.12, which stems from ApiSetSecureParam not cleaning up incoming pointers and could read arbitrary kernel addresses...

5.5CVSS6.7AI score0.00089EPSS

Exploits1References1

Positive Technologies•added 2024/07/11 12:0 a.m.•2 views

PT-2024-5874 · Hashicorp +2 · Vault Enterprise +3

Name of the Vulnerable Software and Affected Versions: Vault and Vault Enterprise versions prior to 1.15.12 Vault and Vault Enterprise versions prior to 1.16.6 Vault and Vault Enterprise versions prior to 1.17.2 Description: The issue is related to the improper handling of requests originating fr...

7.8CVSS7.1AI score0.00814EPSS

Exploits0References26

Snyk•added 2022/07/15 11:4 p.m.•3 views

Uncontrolled Recursion

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: A malicious HTTP server or client can cause the net/http client or server to panic.ReadRequest and ReadResponse can hit an...

8.2CVSS6.8AI score0.00022EPSS

Exploits0References3

Rosalinux•added 2021/07/02 4:34 p.m.•22 views

Advisory ROSA-SA-2021-1810

Software: cairo 1.15.12 OS: Cobalt 7.9 CVE-ID: CVE-2018-18064 CVE-Crit: MEDIUM CVE-DESC: cairo before version 1.15.14 has an off-stack write while processing a generated document with WebKitGTK + due to interaction between cairo-rectangular-scan-converter.c generate and renderrows functions and...

6.5CVSS7AI score0.0051EPSS

Exploits1

Tenable Nessus•added 2021/06/23 12:0 a.m.•39 views

Amazon Linux 2 : golang (ALAS-2021-1657)

The version of golang installed on the remote host is prior to 1.15.12-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1657 advisory. A vulnerability was found in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and...

5.9CVSS7.3AI score0.00022EPSS

Exploits0References3

OSV•added 2021/05/27 1:15 p.m.•1 views

DEBIAN-CVE-2021-31525

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

5.9CVSS6.7AI score0.00022EPSS

Exploits0References1

UbuntuCve•added 2021/05/27 1:15 p.m.•41 views

CVE-2021-31525

5.9CVSS6.8AI score0.00022EPSS

Exploits0References1

CNNVD•added 2021/05/26 12:0 a.m.•1 views

Google Golang 安全漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

7.5CVSS8AI score0.00142EPSS

Exploits0References12