38 matches found
EUVD-2020-18462
Malware in sbrugna...
EUVD-2025-10835
Malicious code in bioql PyPI...
Sandbox Escape
CefSharp is vulnerable to Sandbox Escape. The vulnerability is due to improper handling of system resource handles in Mojo under certain unspecified conditions, which allows a malicious file to exploit the flaw and escape the sandbox...
GHSA-F87W-3J5W-V58P CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. Chromium security severity: High https://nvd.nist.gov/vuln/detail/CVE-2025-2783...
CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. Chromium security severity: High https://nvd.nist.gov/vuln/detail/CVE-2025-2783...
Improper Isolation or Compartmentalization
Overview CefSharp.WinForms is the CefSharp Chromium-based browser component WinForms control. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections,...
Improper Isolation or Compartmentalization
Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code...
Improper Isolation or Compartmentalization
Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code...
Improper Isolation or Compartmentalization
Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code...
Improper Isolation or Compartmentalization
Overview CefSharp.Wpf is the CefSharp Chromium-based browser component WPF control. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a...
Improper Isolation or Compartmentalization
Overview CefSharp.Wpf.HwndHost is the CefSharp Chromium-based browser component. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logi...
CVE-2024-42366
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366 VR Overlay RCE
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366
Summary of CVE-2024-42366 (VR Overlay RCE) VRCX, a VRChat assistant/companion app, contained a vulnerability in versions prior to 2024.03.23 where a CefSharp browser with elevated privileges could be combined with an overlay notification to perform remote command execution (RCE). The issue is doc...
CVE-2024-42366 VR Overlay RCE
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
VRCX Security Vulnerability
VRCX is a helper/companion application for VRChat from the VRCX team. A security vulnerability exists in versions of VRCX prior to 2024.03.23, which stems from the fact that the CefSharp browser with over-privileges and cross-site scripting via override notifications can be used in combination to...
MAL-2024-4440 Malicious code in CefSharp.WinForm.Net.Core (NuGet)
Malicious code in CefSharp.WinForm.Net.Core (NuGet)
GHSA-4C29-GFRP-G6X9 CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
Google is aware that an exploit for CVE-2023-5217 exists in the wild. Description Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security...
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
Google is aware that an exploit for CVE-2023-5217 exists in the wild. Description Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security...