Leviticus-Triage

4 exploits Active since Mar 2025
CVE-2025-2783 GITHUB HIGH python SUSPICIOUS
Mojo in Google Chrome <134.0.6998.177 - RCE
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
13 stars
CVSS 8.3
CVE-2025-2857 GITHUB CRITICAL python SUSPICIOUS
Firefox < 136.0.4, 115.21.1, 128.8.1-128.*, 136.0.4-136.* - Sandbox Escape via IPC Handle Mismanagement
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.
13 stars
CVSS 10.0
CVE-2025-30397 GITHUB HIGH python SUSPICIOUS
Microsoft Windows Scripting Engine - Remote Code Execution via Type Confusion
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
13 stars
CVSS 7.5
CVE-2025-4664 NOMISEC MEDIUM WORKING POC
Google Chrome <136.0.7103.113 - Info Disclosure
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
13 stars
CVSS 4.3