CVE-2026-25142

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict lookupGetter which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27...

📄 Visual Studio 1.39.0 Remote Debugger

Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...

EUVD-2020-4701

Malware in sbrugna...

Cisco NX-OS Improper Input Validation (CVE-2017-12336)

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validati...

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that...

CVE-2023-6860

The VideoBridge allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Mozilla: Arbitrary file read from a compromised content process

The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Firefox for Linux. Other operating systems are unaffected...

CVE-2022-31696

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox...

Design/Logic Flaw

An issue was discovered in splitregion in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the...

PYSEC-2021-868

An issue was discovered in splitregion in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the...

PT-2021-6792 · Smarty +2 · Smarty +2

Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.39 Description: The issue allows a Sandbox Escape because the $smarty.template object can be accessed in sandbox mode. This is due to insufficient access control when handling the $smarty.template object...

CVE-2020-27485

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index...

Ubuntu: Security Advisory (USN-4083-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3994-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-11461

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing...

CVE-2018-13341

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

CVE-2018-5163

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache JSBC for other JavaScript code. If the parent process then runs this replaced code, the...

Debian DSA-1120-1 : mozilla-firefox - several vulnerabilities

Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-1942 Eric Foley discovered that a user can be tricked to expose a local file to a remote attacker by displaying a local file as...