CVE-2026-34464

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMEDPIPEOPENREQ into a fixed WCHAR pipename160 stack buffer using wcscat without verifying null termination. The handler only...

CVE-2026-32603

Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the...

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

EUVD-2026-27461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

CVE-2026-34461

Sandboxie-Plus

CVE-2026-34459

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request...

EUVD-2026-27456

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

CVE-2026-32603

Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the...

Sandboxie Plus 安全漏洞

Sandboxie Plus is an open-source Windows sandboxing tool developed by Sandboxie Plus. Versions of Sandboxie Plus prior to 1.17.2 contained a security vulnerability, which was caused by a TOCTOU race condition during the plugin installation process. This vulnerability could allow non-privileged...

Sandboxie 输入验证错误漏洞

Sandboxie is an open-source isolation software based on a sandbox mechanism, developed by sandboxie-plus. Versions of Sandboxie starting from 1.17.2 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from unauthorized processes sending malformed IOCTL...

PT-2026-37218

Name of the Vulnerable Software and Affected Versions Sandboxie versions prior to 1.17.3 Description A local denial of service exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL Input/Output Control to the...

PT-2026-37229

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description An issue exists in the NamedPipeServer::OpenHandler function where the server field from NAMED PIPE OPEN REQ is copied into a fixed WCHAR pipename160 stack buffer using wcscat without verifyi...

CVE-2026-41068

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

EUVD-2026-25382

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

CVE-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

CVE-2026-41068

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

CVE-2026-41068

CVE-2026-41068 concerns Kyverno: the ConfigMap context loader does not validate the namespace field, enabling a namespace admin to read ConfigMaps across namespaces using Kyverno’s privileged service account and causing a complete RBAC bypass in multi-tenant clusters. This mirrors the previously ...

PT-2026-34849

Name of the Vulnerable Software and Affected Versions Kyverno versions prior to 1.17.2 Kyverno versions prior to 1.16.4 Description An unchecked type assertion in the forEach mutation handler allows a user with permissions to create a Policy or ClusterPolicy to cause the cluster-wide background...

PT-2026-34843

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

K000160637: Intel 800 Series Ethernet vulnerability CVE-2025-24303

Security Advisory Description Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some IntelR 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2025-24303 Impact This...