VYPR

Sandboxie-Plus

by Sandboxie

CVEs (11)

  • CVE-2018-18748 | Critical | Oct 29, 2018
    risk 0.65 | cvss 10.0 | epss 0.02

    Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality.

  • CVE-2024-49360 | Critical | Nov 29, 2024
    risk 0.60 | cvss 9.2 | epss 0.00

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders…

  • CVE-2022-28067 | High | May 4, 2022
    risk 0.56 | cvss 8.6 | epss 0.01

    An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable.

  • CVE-2022-50920 | High | Jan 13, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability in the SbieSvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with…

  • CVE-2025-46715 | High | May 22, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in…

  • CVE-2025-46714 | High | May 22, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then an extremely large copy into the…

  • CVE-2025-46713 | High | May 22, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller…

  • CVE-2025-46716 | Medium | May 22, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in…

  • CVE-2019-25551 | Mar 21, 2026
    risk 0.00 | cvss | epss 0.00

    Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program'…

  • CVE-2025-64721 | Dec 11, 2025
    risk 0.00 | cvss | epss 0.01

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a…

  • CVE-2025-54422 | Medium | Jul 29, 2025
    risk 0.00 | cvss 5.5 | epss 0.00

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via…