Enginsight Vulnerability Database

CVE-2025-2783

Severity

HIGH

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

google:chrome

[GERMAN] Jetzt updaten! Zero-Day-Sicherheitslücke in Chrome wird angegriffen
Google hat dem Webbrowser Chrome ein Update spendiert. Es schließt eine Zero-Day-Lücke, die bereits angegriffen wird.
[ENGLISH] Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783 (CVSS score: 8.3), has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo
[GERMAN] Dringend patchen: Gefährliche Zero-Day-Lücke in Chrome für Spionage ausgenutzt
Angreifer können aus der Chrome-Sandbox ausbrechen und Code auf dem Windows-System des Nutzers ausführen. Es reicht der Besuch einer bösartigen Webseite. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/browser/">Browser</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=194682&page=1&ts=1742976241" width="1" />
[GERMAN] Google Chrome/Microsoft Edge: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome/Microsoft Edge ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
[GERMAN] Notfallupdate: Kritische Sandbox-Lücke in Firefox und Tor-Browser entdeckt
Nicht nur Chrome-Nutzer sollten dieser Tage ihren Browser updaten. Eine aktiv ausgenutzte Sicherheitslücke betrifft auch die Windows-Version von Firefox. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/firefox/">Firefox</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=194773&page=1&ts=1743148082" width="1" />

CVE-2025-2825

Severity

CRITICAL

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability in the S3 authorization header processing that allows authentication bypass. Remote and unauthenticated HTTP requests to CrushFTP with known usernames can be used to impersonate a user and conduct actions on their behalf, including administrative actions and data retrieval.

CVE-2025-2857

Severity

CRITICAL

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.

CVE-2025-1974

Severity

CRITICAL

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVE-2025-22230

Severity

HIGH

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control.A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

Discover Vulnerabilities Now!