All CosmicBytez Labs articles tagged #Sandbox Escape, across news, security advisories, how-to guides, and projects.
A critical use-after-free vulnerability in Google Chrome's Core component on Windows allows remote attackers to escape the browser sandbox via a crafted HTML page. Patch to Chrome 150.0.7871.125 immediately.
A malicious Microsoft Edge extension dubbed 'Edgecution' abused the Native Messaging API to escape the browser sandbox and deliver a Python backdoor used...
All versions of the expr-eval JavaScript package are vulnerable to remote code execution through the toJSFunction() API. Crafted expressions escape the...
A CVSS 10.0 critical sandbox escape in vm2 for Node.js allows sandboxed code to obtain the host TypeError constructor via Buffer.__lookupGetter__ abuse,...
A CVSS 10.0 critical sandbox escape in vm2 for Node.js allows attackers to bypass the require: false security option using falsy values, circumventing the...
A CVSS 10.0 critical sandbox escape in vm2 for Node.js allows sandboxed code to access the host process via the process and inspector/promises builtins,...
A CVSS 10.0 critical vulnerability in vm2 for Node.js allows sandbox code to escape and execute arbitrary OS commands on the host system. Patched in vm2 3.11.4.
A critical out-of-bounds read and write vulnerability in the Chromium V8 engine allows remote attackers to execute arbitrary code inside a sandbox via a...
Critical sandbox escape in Lumiverse <0.9.7 lets attackers bypass JS global shadowing via crafted TSX component overrides, enabling code execution.
A CVSS 9.6 critical use-after-free vulnerability in the GPU component of Google Chrome prior to 147.0.7727.138 allows a remote attacker to potentially...
A critical sandbox escape vulnerability in PraisonAI's multi-agent framework allows attackers to bypass the Python code execution sandbox, defeating the...
Security researchers have published details of two newly patched critical vulnerabilities in n8n — CVE-2026-27577 (CVSS 9.4), an expression sandbox escape...
Popular workflow automation platform n8n hit with eight high-to-critical CVEs including a CVSS 10.0 unauthenticated RCE and sandbox escape bypassing...