NocoBase 2.0.27 - VM Sandbox Escape

Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape Date: 2026-03-26 Exploit Author: Onurcan Genç Vendor Homepage: https://www.nocobase.com/ Software Link: https://github.com/nocobase/nocobase Version: -u -P --cmd "id"...

CVE-2026-41409

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

EUVD-2026-25809

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

CVE-2026-41635 Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

📄 NocoBase 2.0.27 Sandbox Escape / Remote Code Execution

NocoBase versions 2.0.27 and below suffer from a sandbox escape vulnerability in the Workflow Script Node. The console object passed into the Node.js vm sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout. An authenticated attacker can traverse the prototype...

CVE-2026-34156

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

CVE-2026-34156

NocoBase exposes a sandbox escape in the Workflow Script Node: an attacker can traverse the sandbox through the host console object (console._stdout/console._stderr) prototype chain to reach the Function constructor, access process, require child_process, and achieve Remote Code Execution as root...

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

Improper Control of Dynamically-Managed Code Resources

Overview @nocobase/plugin-workflow-javascript is an Execute a piece of JavaScript in an isolated Node.js environment. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the console object passed into the sandbox context, which exposes...

EUVD-2020-24203

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-14888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out ...

CVE-2024-31932

Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...

CVE-2024-31932

Cross-Site Request Forgery CSRF vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28...

WordPress Blocksy Companion plugin <= 2.0.28 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by FearZzZz Patchstack Alliance in WordPress Plugin Blocksy Companion versions = 2.0.28...

Command injection

A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENTBODY leads to os command injection. Upgrading to version 2.0....

PT-2023-11902 · Unknown · Ons Digital Ras Collection Instrument

Name of the Vulnerable Software and Affected Versions: ONS Digital RAS Collection Instrument versions up to 2.0.27 Description: A critical issue was found in the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT BODY leads to os command injection...

CVE-2023-37657

TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting XSS...

CVE-2023-37657

TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting XSS...

PT-2023-26062 · Twonav · Twonav

Name of the Vulnerable Software and Affected Versions: TwoNav version 2.0.28-20230624 Description: The issue is related to Cross Site Scripting XSS. Recommendations: For version 2.0.28-20230624, consider disabling any features that may facilitate XSS attacks until a patch is available. Restrict...

CVE-2022-30239

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971...