Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that exploits insufficient input validation in the GPU component. The CVSS 9.6 score reflects the scope change from renderer to host, but real-world exploitation requires chaining with a separate renderer compromise and user interaction. EPSS is low at 0.05% and no public exploit is identified at time of analysis.
Sandbox escape in Google Chrome's Dawn component (versions prior to 149.0.7827.53) allows remote attackers to break out of the renderer sandbox via a crafted HTML page when a user visits a malicious site. Google Chromium rates the severity as High and a fix has shipped in the stable channel; no public exploit identified at time of analysis and EPSS exploitation probability is currently very low (0.05%).
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page when a victim visits a malicious site. The flaw is rated CVSS 9.6 due to scope change (S:C) and full CIA impact, though EPSS estimates only a 0.05% near-term exploitation probability and no public exploit has been identified at time of analysis.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page abusing the Printing component. Chromium rates the issue High severity and a vendor patch is available, though no public exploit has been identified at time of analysis and EPSS remains very low at 0.05%.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows remote attackers to break out of the renderer process sandbox by delivering a crafted video file processed by the browser's codec implementation. The CVSS 9.6 score reflects a scope-changing impact across confidentiality, integrity, and availability, though exploitation requires user interaction such as visiting a malicious page. No public exploit identified at time of analysis, and EPSS exploitation probability remains low at 0.05%.
Sandbox escape in Google Chrome on Windows before 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that abuses the WebNN (Web Neural Network) API. The flaw stems from insufficient validation of untrusted input (CWE-20) reaching the WebNN component, and exploitation requires user interaction (visiting an attacker-controlled page) plus a prior renderer-compromise primitive. There is no public exploit identified at time of analysis, and the EPSS probability is very low (0.04%).
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows remote attackers to break out of the browser's renderer sandbox via a use-after-free in the Messages component triggered by a crafted HTML page. The CVSS vector indicates a scope-changing impact requiring only user interaction (visiting a malicious page), and a vendor patch is available. No public exploit identified at time of analysis and EPSS is low (0.03%), but the sandbox-escape primitive makes this a high-priority browser update.
Sandbox escape in Google Chrome's Dawn (WebGPU) component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox by luring a user to a crafted HTML page. The flaw is a use-after-free (CWE-416) object lifecycle bug; no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.03% (11th percentile). Google rates the underlying Chromium severity as Medium, but the CVSS 3.1 score of 9.6 reflects the scope change inherent to a sandbox escape.
Sandbox escape in Google Chrome on Android versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free bug in the Autofill component. Exploitation requires a victim to load a crafted HTML page and the attacker to already control the renderer, making this a second-stage primitive rather than a single-shot RCE. No public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the high CVSS reflects the impact of full sandbox escape on a mobile platform.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Device Trust component. The flaw carries a CVSS 9.6 due to scope change and full CIA impact, though Chromium rates the underlying severity as Medium and EPSS is very low (0.03%, 11th percentile); no public exploit identified at time of analysis.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows remote attackers to break out of the renderer sandbox via a use-after-free in the File Input component when a victim is lured to perform specific UI gestures on a crafted HTML page. Although Google classified the upstream severity as Medium, the CVSS 3.1 score of 9.6 reflects the scope-change impact of sandbox escape; no public exploit identified at time of analysis and EPSS is very low at 0.03%.
Sandbox escape in Google Chrome on Windows prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the Codecs component triggered by a crafted HTML page. The flaw requires user interaction (visiting a malicious page) and chains with a prior renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).
Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page. The flaw stems from an integer overflow (CWE-472) in ANGLE and requires user interaction (visiting a malicious page) plus a prior renderer compromise to chain into full sandbox escape. No public exploit identified at time of analysis, and EPSS is very low (0.03%), but Google rates the underlying issue as Medium severity within Chromium.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a race condition in the GPU process triggered by a crafted HTML page. The flaw is a use-after-free (CWE-416) reachable through normal web content rendering, and while no public exploit is identified at time of analysis, the EPSS percentile of 11% suggests low near-term opportunistic exploitation likelihood.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 enables a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page targeting a use-after-free in the ANGLE graphics layer. The flaw requires user interaction (visiting a malicious page) and changes scope, yielding high confidentiality, integrity, and availability impact on the host. No public exploit identified at time of analysis and EPSS probability is very low (0.03%, 11th percentile), but a vendor patch is available.
Sandbox escape in Google Chrome versions prior to 149.0.7827.53 stems from a type confusion bug in the ANGLE graphics translation layer that a remote attacker can trigger via a crafted HTML page. Despite a CVSS of 9.6 and a vendor-released patch, EPSS is only 0.03% and no public exploit identified at time of analysis, though Chromium-rated Medium browser bugs are routinely targeted once details are public.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page that triggers a type confusion in the GPU process. The CVSS score of 9.6 reflects the scope-changing nature of escaping the sandbox boundary, though exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise. No public exploit identified at time of analysis, and EPSS is low at 0.03%.
Sandbox escape in Google Chrome on macOS prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via an out-of-bounds write in ANGLE triggered by a crafted HTML page. The flaw carries a high CVSS of 9.6 due to scope change and full CIA impact, though no public exploit has been identified and EPSS exploitation probability remains very low at 0.03%.
Out-of-bounds write in Google Chrome's media Codecs component prior to version 149.0.7827.53 allows a remote attacker to potentially escape the renderer sandbox via a crafted video file. Successful exploitation requires the victim to load attacker-controlled video content, but the resulting scope change (S:C) means the attacker can break out of Chrome's renderer sandbox and impact resources beyond it. No public exploit has been identified at time of analysis and EPSS is very low (0.03%), but the high CVSS reflects the severe impact of a successful sandbox escape.
Sandbox escape in Google Chrome on Windows versions prior to 149.0.7827.53 can be triggered by a remote attacker via a crafted HTML page that exploits a use-after-free condition in the USB component. The flaw carries a CVSS score of 9.6 due to its scope-changing impact, though Google rated the underlying Chromium security severity as Medium, and no public exploit has been identified at time of analysis with an EPSS score of just 0.03%.
Sandbox escape in Google Chrome's Autofill component prior to version 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free (CWE-416) requiring user interaction (UI:R) and a chained renderer compromise, and no public exploit has been identified at time of analysis despite the very high 9.6 CVSS score driven by scope change.
Sandbox escape in Google Chrome's Glic component prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue (CWE-416) requiring user interaction and a chained renderer compromise; no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.03%.
Sandbox escape in Google Chrome on Linux prior to 149.0.7827.53 allows a remote attacker to break out of the renderer process by luring a user to a crafted HTML page that triggers a use-after-free in the Ozone display/windowing layer. Google rates the underlying Chromium issue as High severity and a vendor patch is available; no public exploit identified at time of analysis and the EPSS score is very low (0.03%).
Sandbox escape in Google Chrome's FileSystem component prior to version 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a crafted HTML page that triggers a use-after-free condition. Successful exploitation requires the victim to interact with attacker-controlled web content, but yields a scope change from the constrained renderer process to higher-privileged host context. EPSS is currently low (0.03%) and no public exploit has been identified at time of analysis, though Google rates the underlying Chromium severity as High.
Sandbox escape in Google Chrome for Android versions prior to 149.0.7827.53 stems from an out-of-bounds write in the GPU process that a remote attacker can trigger via a crafted HTML page. Google rates the underlying Chromium issue as Critical severity, and while a vendor patch is available, no public exploit identified at time of analysis and EPSS sits at 0.03% (11th percentile). The CVSS scope-changed vector (S:C) reflects the impact of breaking out of Chrome's sandbox to affect the broader Android OS context.
Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the WebView sandbox via a crafted HTML page. The flaw stems from an inappropriate implementation in WebView and is chained behind a prior renderer compromise, requiring user interaction. No public exploit identified at time of analysis, and EPSS sits at 0.03% (10th percentile), indicating no current evidence of widespread exploitation despite the high CVSS score of 9.6.
Sandbox escape in Google Chrome on iOS before 149.0.7827.53 can be triggered by a remote attacker who lures a user to a malicious HTML page that abuses a use-after-free condition in the WebMIDI subsystem. Successful exploitation breaks out of the renderer sandbox with high confidentiality, integrity, and availability impact, though no public exploit is identified at time of analysis and EPSS probability is very low (0.03%).
Unauthenticated remote command execution affects T3 Technology CPE routers (models T625Pro v1.0.07 and T6825G v1.0.03) through an undocumented debug CGI endpoint that processes attacker-supplied query strings as root-level shell commands. SSVC characterizes this as POC-available with total technical impact, and a public advisory has been published on GitHub, though it is not currently listed in CISA KEV.
SQL injection in SourceCodester Ship Ferry Ticket Reservation System 1.0 exposes the admin login panel to unauthenticated remote attackers via a crafted Username parameter in /admin/login.php, enabling authentication bypass and backend database manipulation. Publicly available exploit code (POC) has been published on Medium demonstrating the authentication bypass technique, elevating real-world risk despite the moderate CVSS 4.0 score of 5.5. No KEV listing at time of analysis, but the zero-prerequisite network attack vector combined with a public POC makes this a credible threat to any internet-facing deployment.
Command injection in the Acer Connect M6E 5G Portable WiFi Router allows authenticated remote attackers to install arbitrary applications or execute operating system commands by abusing internal operation codes (opcodes) whose permission checks are not properly enforced. The flaw carries a CVSS 4.0 score of 9.4 (Critical) due to network reach, low attack complexity, and scope-changing impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis and the CVE is not currently listed in CISA KEV.
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router allows low-privileged remote attackers to reach a debug routine (SCREEN_CLICK opcode 5053) that skips the device login prompt and drops the caller directly into an interactive shell. CVSS 4.0 rates the issue 9.4 with scope change and high impact on confidentiality, integrity, and availability of both the router and connected subsystems; no public exploit identified at time of analysis.
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial-of-service via alias amplification in Strawberry GraphQL (versions 0.172.0 through 0.315.6) allows unauthenticated remote attackers to exhaust server resources by bypassing the MaxAliasesLimiter extension using crafted GraphQL fragment spreads. The limiter performs only a static AST alias count, missing the multiplicative expansion that occurs at execution time when a fragment containing N aliases is spread M times - producing N×M resolved aliases against a limit enforced at N+M. A publicly available proof-of-concept exists demonstrating the bypass; no active exploitation has been confirmed in CISA KEV at time of analysis.
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router's M3WebServer production build exposes hard-coded backend API keys through verbose error pages, enabling remote unauthenticated attackers to harvest credentials and gain full administrative control over the device. CVSS 4.0 scores this 9.3 (Critical) with no privileges or user interaction required, though no public exploit has been identified at time of analysis.
Infinite recursion in Strawberry GraphQL's QueryDepthLimiter extension allows unauthenticated remote attackers to crash the validation process and exhaust server resources by submitting queries with circular fragment references. Affected versions 0.71.0 through 0.315.6 of the pip package strawberry-graphql fail to track visited fragments in the determine_depth function, meaning a trivially crafted two-fragment cycle (A spreads B, B spreads A) triggers a Python RecursionError before any query execution occurs. A public proof-of-concept is confirmed in GHSA-qfwv-87qj-98xq; no active exploitation is listed in CISA KEV at time of analysis.
Authentication bypass in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤ M6E_AI_1.00.000019) allows remote attackers to abuse a hardcoded global API token guarding the /v1/Plan service, granting full administrative control over network access plans. Unauthenticated attackers can create arbitrary zero-cost plans, effectively bypassing billing and access controls. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.3 reflects trivial network exploitability with no privileges or user interaction required.
Privilege escalation via MDM endpoint hijack in the Acer Connect M6E 5G Portable WiFi Router (firmware ≤M6E_AI_1.00.000019) allows locally running malicious software to overwrite the default Mobile Device Management endpoint address through broadcast events, transferring administrative control of the device to an attacker-operated MDM server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauthenticated remote code execution in Seagull Software BarTender 2010, 2016 (<=R9), and 2019 (<=R10) is reachable over TCP/7375 through the BtSystem.Service.exe .NET Remoting endpoint, which runs as NT AUTHORITY\SYSTEM. The exposed singleton uses BinaryServerFormatterSinkProvider with TypeFilterLevel=Full, allowing attackers to abuse deserialization-style object unmarshalling to read/write arbitrary files, coerce NTLMv2 authentication via UNC paths, or pivot to full code execution. No public exploit identified at time of analysis, but the VulnCheck advisory documents the attack primitives in detail.
Cryptographic weaknesses in the Acer Connect M6E 5G Portable WiFi Router (firmware versions through M6E_AI_1.00.000019) combine TrustAllCerts routines that bypass TLS certificate validation with hard-coded DES symmetric encryption keys, enabling a network-positioned attacker to decrypt traffic between the device and its backend services. CVSS 4.0 rates this 9.2 (Critical) given the unauthenticated network attack surface and high confidentiality/integrity impact, though attack complexity is rated High due to the MITM positioning requirement. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unsafe deserialization in Apache Fory fory-core Java SDK versions prior to 1.1.0 allows remote attackers to bypass the framework's class registration, TypeChecker, and DisallowedList security controls on Java/JVM platforms. By crafting malicious Fory-serialized payloads that exercise the replace-resolve path, an attacker can invoke arbitrary readResolve/readExternal hooks on any class present on the classpath, enabling gadget-chain abuse without authentication. No public exploit identified at time of analysis, but the CVSS 9.1 score and CWE-502 classification reflect the high impact typical of Java deserialization sinks.
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-origin information disclosure in Google Chrome's Forms component prior to version 149.0.7827.53 allows a remote attacker to leak sensitive data from other origins through a crafted HTML page. The flaw is rated CVSS 9.1 due to high confidentiality and integrity impact over the network without authentication, though Google's Chromium team internally rated it Medium severity. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile).
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Privilege escalation in MISP threat intelligence platform versions through 2.5.38 allows authenticated users to modify other users' account attributes by submitting a crafted User.id parameter in edit requests. The UsersController::edit() function failed to strip user-supplied identifiers before processing, enabling cross-account modifications. No public exploit identified at time of analysis, but the source code fix is publicly visible in the upstream commit.
Stored cross-site scripting in Tautulli before 2.17.1 allows low-privilege authenticated users (including guests when guest access is enabled) to inject HTML/JavaScript into the main application log via the log_js_errors endpoint, which later executes in an administrator's browser when the admin opens the logFile viewer. The flaw enables privilege escalation against the Plex Media Server monitoring tool's admin account. No public exploit identified at time of analysis, but the vendor-published advisory and confirmed patch in 2.17.1 make the issue well-documented.
Remote code execution in Tautulli versions prior to 2.17.1 allows attackers to achieve unauthenticated RCE on fresh installations (pre-setup wizard) by abusing the newsletter custom template directory feature to load a malicious Mako template from an attacker-controlled SMB share. On completed installations the same chain remains exploitable by any authenticated admin. Publicly available exploit code exists per SSVC, and the SSVC framework rates this as automatable with total technical impact, though no CISA KEV listing has been confirmed.