EUVD-2025-22995

Malicious code in bioql PyPI...

EUVD-2025-16168

Malicious code in bioql PyPI...

CVE-2025-54422 Sandboxie exposes encrypted sandbox key during password change

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory,...

CVE-2025-54422 Sandboxie exposes encrypted sandbox key during password change

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory,...

CVE-2025-54422 Sandboxie exposes encrypted sandbox key during password change

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory,...

Sandboxie 安全漏洞

Sandboxie is sandboxie-plus open source sandbox-based isolation software. A security vulnerability exists in Sandboxie 1.16.1 and earlier versions, which stems from the explicit transfer of credentials in the password handling mechanism and could lead to credential disclosure...

CVE-2025-46715

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiGetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write t...

CVE-2025-46716

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiSetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read...

CVE-2025-46716 Sandboxie Arbitrary Kernel Read in SbieDrv.sys API (API_SET_SECURE_PARAM)

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiSetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read...

CVE-2025-46715

Sandboxie is affected by CVE-2025-46715 due to Api_GetSecureParam not sanitizing incoming pointers, allowing a kernel pointer to be written by GetRegValue to a chosen SBIE registry entry. This enables an attacker to dump registry contents via SbieDrv.sys on Windows systems, including low integrit...

CVE-2025-46715 Sandboxie Arbitrary Kernel Write in SbieDrv.sys API (API_GET_SECURE_PARAM)

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiGetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write t...

PT-2025-22474 · Sandboxie · Sandboxie

Name of the Vulnerable Software and Affected Versions: Sandboxie versions 1.3.0 through 1.15.12 Description: The issue is related to an arithmetic overflow in the API GET SECURE PARAM, leading to a small memory allocation followed by an extremely large copy into the small allocation...

PT-2025-22512 · Sandboxie · Sandboxie

Name of the Vulnerable Software and Affected Versions: Sandboxie versions 1.3.0 through 1.15.12 Description: The issue arises from the failure of Api SetSecureParam to sanitize incoming pointers, implicitly trusting the pointer passed by the user as safe to read from. This allows SetRegValue to...

PT-2025-22508 · Sandboxie · Sandboxie

Name of the Vulnerable Software and Affected Versions: Sandboxie versions 1.3.0 through 1.15.12 Description: The issue arises from the failure of Api GetSecureParam to sanitize incoming pointers, implicitly trusting the pointer passed by the user as safe to write to. GetRegValue then writes the...

PT-2025-22473 · Sandboxie · Sandboxie

Name of the Vulnerable Software and Affected Versions: Sandboxie versions 0.0.1 through 1.15.11 Description: Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An arithmetic overflow in the memory allocation subsystem, specifically within the...

CVE-2024-49360

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user UserA with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders C:\Sandbox\UserB\xxx. An authenticated attack...

CVE-2024-49360 Path traversal in Sandboxie

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user UserA with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders C:\Sandbox\UserB\xxx. An authenticated attack...

PT-2018-14624 · Sandboxie · Sandboxie

Name of the Vulnerable Software and Affected Versions: Sandboxie version 5.26 Description: The issue allows a sandbox escape via an import os statement, followed by os.system"cmd" or os.system"powershell", within a .py file. The vendor disputes this issue, stating that the observed behavior is...