15 matches found
PT-2026-47061
Excited to share my research was accepted at @BlackHatEvents USA 2026! 🎩 I'll present how I achieved interactive access to users' AI assistants by chaining: 🔓 Prompt injection 🔓 Privilege escalation 🔓 Path traversal 🔓 .toml injection 🔓 and finally an LD_PRELOAD exploit The impact: 🚨 CVE-2026-3219...
CVE-2024-2605
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
Prototype Pollution
safe-eval is vulnerable to Prototype Pollution. The vulnerability exists in safeEval in index.js due to sandbox escaping which allows an attacker to access the host error objects during the generation of a stack trace...
Input validation
Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...
Node.js: Permissions policies can be bypassed via process.mainModule
A vulnerability was discovered in Node.js permission policies that allowed a script to include any non-whitelisted module by calling process.mainModule.require. This could allow an attacker to bypass the limited whitelist and access internal file systems or run child processes. The vulnerability...
Google Chrome Buffer Overflow Vulnerability (CNVD-2021-13483)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A heap buffer overflow vulnerability exists in Tab Strip in versions prior to Google Chrome 88.0.4324.182, which can be exploited by an attacker to perform sandbox...
Google Chrome Buffer Overflow Vulnerability (CNVD-2021-13484)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A buffer overflow vulnerability exists in Tab Strip in versions prior to Google Chrome 88.0.4324.182, which can be exploited by an attacker to perform sandbox...
Google Chrome post-release reuse vulnerability (CNVD-2021-14738)
Chrome is a simple and efficiently designed web browsing tool developed by Google. A post-release reuse vulnerability exists in Navigation in versions prior to Google Chrome 88.0.4324.146. An attacker can exploit this vulnerability to potentially perform sandbox escaping via a crafted HTML page...
Google Chrome post-release reuse vulnerability (CNVD-2021-14740)
Chrome is a simple and efficiently designed web browsing tool developed by Google. A post-release reuse vulnerability exists in Payments in versions prior to Google Chrome 88.0.4324.146. An attacker can exploit this vulnerability to perform sandbox escaping via a crafted HTML page...
Google Chrome post-release reuse vulnerability (CNVD-2021-30148)
Google Chrome is a web browser from Google, an American company. A post-release reuse vulnerability exists in Omnibox in versions of Google Chrome prior to 88.0.4324.96. An attacker can exploit this vulnerability to perform sandbox escaping via a crafted HTML page...
Google Chrome post-release reuse vulnerability (CNVD-2021-22976)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A post-release reuse vulnerability exists in DevTools in versions prior to Google Chrome 88.0.4324.96. An attacker can exploit the vulnerability to perform sandbox...
Google Chrome DevTools Improperly Implemented Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A DevTools improperly implemented vulnerability exists in versions of Google Chrome prior to 88.0.4324.96. A remote attacker could potentially exploit this...
CVE-2019-1365
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability can allow an unprivileged function run by the user to execute code in the context of NT...
Cross-Site Scripting (XSS) Via Sandbox Escaping
angular is vulnerable to cross-site scripting attacks. A malicious user can inject arbitrary JavaScript by executing angular expressions with sandbox escape characters in them. Starting from version 1.6 onwards, the sandbox feature has been removed from angular. To mitigate this issue, developers...
Multiple Macromedia ColdFusion security vulnerabilities
DoS, cross-site scripting, sandbox escaping...