49 matches found
USN-8288-1: Bubblewrap vulnerability
It was discovered that Bubblewrap incorrectly handled the sandbox setup phase when installed in setuid mode. A local attacker could possibly use this issue to bypass sandbox restrictions...
PT-2026-29480
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0276 Description Vim is susceptible to remote code execution through maliciously crafted "modelines" that can bypass sandboxes. This allows for the execution of commands. Recommendations Update to version 9.2.0276 or...
EUVD-2012-5558
Malware in sbrugna...
EUVD-2015-1258
Malware in sbrugna...
EUVD-2018-10018
Malware in sbrugna...
EUVD-2025-25230
Malicious code in bioql PyPI...
CVE-2025-43358
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. A shortcut may be able to bypass sandbox restrictions...
CVE-2025-54143
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...
CVE-2025-54143 Sandboxed iframes could allow local downloads despite sandbox restrictions
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...
CVE-2025-54143
CVE-2025-54143 is tied to Firefox for iOS prior to version 141. The issue arises from sandboxed iframes on web pages that could bypass the parent page’s sandbox restrictions, potentially allowing downloads to the device. Affected product: Firefox for iOS
CVE-2025-51482
Remote Code Execution in letta.server.restapi.routers.v1.tools.runtoolfromsource in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions...
Twig 安全漏洞
Twig is a PHP template engine open-sourced by Twig. A security vulnerability exists in Twig that stems from the fact that sandbox security checks will not be run under certain circumstances, allowing user-contributed templates to bypass sandbox restrictions...
AlmaLinux 8 : thunderbird (ALSA-2024:4036)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:4036 advisory. thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
Debian: Security Advisory (DSA-5537-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-30547
A flaw was found in the vm2 sandbox. When exception handling is triggered, an unsanitized host is not managed properly. This issue may allow an attacker to bypass the sandbox protections, which can lead to remote code execution on the hypervisor host or the host that is running the sandbox...
CVE-2022-4291
CVE-2022-4291 affects Avast Antivirus on Windows via the aswjsflt.dll in the Script Shield component, where a heap corruption could allow bypassing the application sandbox. The issue was fixed in Script Shield 18.0.1478. Some sources also note that the vulnerability could cause a Mozilla Firefox ...