CVE-2023-2783

Mozilla warns Windows users of critical Firefox sandbox escape flaw - In October, Mozilla also patched a zero-day vulnerability (CVE-2024-9680) in Firefox's animation timeline feature exploited by the Russian-based RomCom cybercrime group that let the attackers gain code execution in the web browser's sandbox. ...
11 months ago Bleepingcomputer.com CVE-2024-9680

CISA tags recently patched Chrome bug as actively exploited - This is the second actively exploited Chrome zero-day patched by Google this year, after another high-severity Chrome zero-day bug (CVE-2025-2783), which was abused to target Russian government organizations, media outlets, and educational ...
9 months ago Bleepingcomputer.com CVE-2025-2783

Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild - “The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even ...
11 months ago Cybersecuritynews.com CVE-2025-2783

Operation ForumTroll - APT Hackers Exploit Google Chrome Zero-Day To Bypass Sandbox Protections - Security researchers describe the vulnerability as particularly dangerous because it allows attackers to bypass Chrome’s sandbox “as if it didn’t exist,” effectively eliminating a critical browser security layer. The campaign ...
11 months ago Cybersecuritynews.com CVE-2025-2783

CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. The vulnerability, identified as CVE-2025-2783, ...
11 months ago Cybersecuritynews.com CVE-2025-2783

Google fixes high severity Chrome flaw with public exploit - The vulnerability was discovered by Solidlab security researcher Vsevolod Kokorin and is described as an insufficient policy enforcement in Google Chrome's Loader component that lets remote attackers leak cross-origin data via maliciously crafted ...
9 months ago Bleepingcomputer.com CVE-2025-2783

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
2 years ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com

CVE-2023-54258 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago

CVE-2023-2783 - Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. ...
2 years ago

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
2 years ago Microsoft.com

Google fixes actively exploited sandbox escape zero day in Chrome - The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 138.0.7204.157. An attacker successfully exploiting it could perform a sandbox escape by using a specially ...
7 months ago Bleepingcomputer.com CVE-2025-7656

Google fixes fourth actively exploited Chrome zero-day of 2025 - Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, ...
8 months ago Bleepingcomputer.com CVE-2025-4664

CVE-2007-2783 - Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should ...
7 years ago

CVE-2025-2857 - Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a ...
11 months ago

CVE-2013-2783 - The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers to cause a denial of service (infinite loop) or obtain unspecified control via crafted data to TCP port 20000. ...
12 years ago

CVE-2009-2783 - Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php. ...
12 years ago

CVE-2016-2783 - Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted ...
9 years ago

CVE-2005-2783 - Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags. ...
8 years ago

CVE-2018-2783 - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit ...
3 years ago

CVE-2022-2783 - In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token ...
2 years ago

CVE-2024-2783 - The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due ...
1 year ago Tenable.com

CVE-2025-2783 - Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) ...
11 months ago CVE-2025-2783 CVE-2025-2857 CVE-2024-49039 CVE-2025-4664

CVE-2008-2783 - Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) ...
8 years ago

CVE-2014-2783 - Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification ...
7 years ago