CVE-2025-69234

Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment...

CVE-2025-69234

Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment...

CVE-2025-69234

Affected software: Whale browser (pre-4.35.351.12). Vulnerability: iframe sandbox escape in a sidebar environment. Root cause / impact: An attacker could escape the iframe sandbox, potentially bypassing security restrictions associated with the sandboxed context. The CVE entry and connected advis...

Naver Whale Browser 安全漏洞

Naver Whale Browser is a web browser from Naver, a Korean company that supports user-defined interfaces. A security vulnerability exists in Naver Whale Browser versions prior to 4.35.351.12, which originates from an iframe sandbox escape in the sidebar environment...

PT-2025-53834

Name of the Vulnerable Software and Affected Versions Whale browser versions prior to 4.35.351.12 Description The Whale browser is susceptible to an iframe sandbox escape in a sidebar environment. An attacker can leverage this to bypass security restrictions imposed by the iframe sandbox...

Exploit for Improper Encoding or Escaping of Output in Git

CVE-2024-52005: ANSI Escape Sequence Injection in Git Over...

UBUNTU-CVE-2025-14180

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

CVE-2025-14180

CVE-2025-14180 affects PHP’s PDO PostgreSQL driver when using PDO::ATTR_EMULATE_PREPARES and can cause a NULL return from PQescapeStringConn on certain invalid parameter sequences, leading to a NULL pointer dereference in pdo_parse_params() and potential server crashes. Connected advisories confi...

EUVD-2025-205486

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

Exploit for CVE-2025-68613

CVE-2025-68613 – n8n Critical RCE Exploitation Overview T...

CVE-2018-25143

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...

CVE-2025-13773

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerceDeliveryNotes::update' function. This is due to missing capability check in the 'WooCommerceDeliveryNotes::update' functio...

AlmaLinux 8 : container-tools:rhel8 (ALSA-2025:23543)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:23543 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...

httpd:2.4 security update

httpd 2.4.37-65.0.1.7 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.7 - Resolves: RHEL-135054 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135039 - httpd: Apache HTTP Server: CGI environment variable...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

CVE-2025-14372

Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

SUSE-SU-2025:4504-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO escapebytestring function when processing malicious files or remote filesystem attribute values can lead to denial-of-service bsc1254878. - CVE-2025-14087: buffer underflow in the GVariant parser...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component...

CLSA-2025-1766137317 podman: Fix of 2 CVEs

CVE-2025-52881: container escape and denial of service due to arbitrary write gadgets and procfs write redirects - CVE-2025-58183: fix unbounded allocation when parsing GNU sparse map...

CVE-2025-66905

The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system...