CVE-2026-6224 nocobase plugin-workflow-javascript Vm.js createSafeConsole sandbox

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...

EUVD-2013-2491

Malware in sbrugna...

CVE-2025-31189

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox...

CVE-2025-31258

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox...

Integer overflow

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox...

About the security content of iOS 16.4 and iPadOS 16.4

About the security content of iOS 16.4 and iPadOS 16.4 This document describes the security content of iOS 16.4 and iPadOS 16.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

SUSE CVE-2013-2549

Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013...

CVE-2020-10014

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox...

CVE-2019-10185

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break o...

Automatic Server Side Template Injection Exploitation: Tplmap

Automatic Server Side Template Injection Exploitation Tplmap short for Template Mapper is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities SSTI. This assists SSTI exploitation to compromise the application and achieve remote command...

acroread: Unspecified vulnerability allows remote attackers to execute arbitrary code (CanSecWest 2013)

Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013...