Sandbox Escape Archives • Page 2 of 2 • Daily CyberSecurity

Code Red: 4 Critical SandboxJS Flaws (CVSS 10.0) Allow Host Takeover

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Code Red: 4 Critical SandboxJS Flaws (CVSS 10.0) Allow Host Takeover

Ddos February 9, 2026

A quartet of critical vulnerabilities has been discovered in SandboxJS, a library designed to isolate and secure...

CVE-2026-25526: Critical Jinjava Flaw (CVSS 9.8) Permits Remote Code Execution Jinjava Vulnerability CVE-2026-25526 CVE-2025-59340 HubSpot RCE

CVE-2026-25526: Critical Jinjava Flaw (CVSS 9.8) Permits Remote Code Execution

Ddos February 9, 2026

A massive hole has been found in the walls of Jinjava, the popular Java-based template engine used...

CVE-2026-24002: Critical Sandbox Escape Turns Grist Spreadsheets into RCE Weapons

Ddos January 29, 2026

A seemingly innocent spreadsheet formula could be the key to compromising entire organizations, thanks to a critical...

CVE-2026-23830: Critical SandboxJS Flaw (CVSS 10) Allows Total Sandbox Escape

Ddos January 29, 2026

A perfect storm of missing checks has led to a maximum-severity vulnerability in SandboxJS, a library designed...

Sandbox Shattered: Critical n8n Flaw (CVSS 9.9) Allows Remote Code Execution n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

n8n Node RCE Vulnerabilities CVE-2026-44791 Prototype Pollution n8n RCE Vulnerabilities CVE-2026-27497 CVE-2026-25053 n8n RCE Vulnerability CVE-2026-21877 n8n RCE, CVE-2025-68613 n8n Git RCE, core.hooksPath Exploit

Sandbox Shattered: Critical n8n Flaw (CVSS 9.9) Allows Remote Code Execution

Ddos January 28, 2026

Security researcher Natan Nehorai of the JFrog Security Research Team has uncovered a critical Remote Code Execution...

CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps Lockbit ransomware vm2 Vulnerability Sandbox Escape

CVSS 9.8 Sandbox Escape: Critical vm2 Flaw Exposes Millions of Apps

Ddos January 27, 2026

A critical security vulnerability has been unearthed in vm2, a highly popular sandbox library for Node.js used...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

CVE-2025-14026: Forcepoint DLP Flaw Lets Attackers Unchain Restricted Python

Ddos January 7, 2026

A high-severity vulnerability in the Forcepoint One DLP Client has been disclosed, revealing a method for attackers...

n8n Sandbox Escape: How CVE-2025-68668 Turns Workflows into Weapons n8n Vulnerability CVE-2025-68668

n8n Sandbox Escape: How CVE-2025-68668 Turns Workflows into Weapons

Ddos January 6, 2026

A critical vulnerability in the popular workflow automation platform n8n has been dissected in a new analysis...

Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign

Ddos October 28, 2025

Researchers at Kaspersky uncovered a sophisticated espionage campaign exploiting a zero-day vulnerability in Google Chrome and delivering...

Record-Breaking Payout: Google Awards $250,000 for a Critical Chrome Flaw (CVE-2025-4609) Chrome Vulnerability CVE-2024-4761 - Google Sell Chrome CVE-2025-1920 Chrome Crash, Browser Issue

Chrome Vulnerability CVE-2024-4761 - Google Sell Chrome CVE-2025-1920 Chrome Crash, Browser Issue

Record-Breaking Payout: Google Awards $250,000 for a Critical Chrome Flaw (CVE-2025-4609)

Ddos August 12, 2025

A recently disclosed Chromium issue details a critical security vulnerability (CVE-2025-4609) discovered on April 23, 2025, by...

Critical RCE Flaw (CVE-2025-54782) in NestJS DevTools Allows Remote Code Execution NestJS Vulnerability, Remote Code Execution

Critical RCE Flaw (CVE-2025-54782) in NestJS DevTools Allows Remote Code Execution

Ddos August 4, 2025

A critical vulnerability has been uncovered in the @nestjs/devtools-integration package—a component of the popular NestJS framework for...

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog CISA KEV, Zero-Day Exploitation

CISA Alert: Actively Exploited Zero-Days in CrushFTP, Chrome, and SysAid Added to KEV Catalog

Ddos July 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with four...

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign Team46 APT, Google Chrome Zero-Day

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign

Ddos June 17, 2025

In a major revelation, the Threat Intelligence Department of the Positive Technologies Expert Security Center (PT ESC)...

PoC Released: CVE-2025-31258 Sandbox Escape in macOS via RemoteViewServices RemoteViewServices macOS Sandbox Escape

PoC Released: CVE-2025-31258 Sandbox Escape in macOS via RemoteViewServices

Ddos May 13, 2025

Apple has released a patch for a newly disclosed vulnerability in macOS, tracked as CVE-2025-31258, that could...

CVE-2025-31191: Microsoft Exposes macOS Vulnerability Allowing App Sandbox Escape Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

CVE-2025-31191: Microsoft Exposes macOS Vulnerability Allowing App Sandbox Escape

Ddos May 5, 2025

Microsoft Threat Intelligence has disclosed a significant vulnerability in macOS that could allow attackers to bypass the...