Tag

Nocobase

3 briefs RSS

NocoBase plugin-workflow-javascript Sandbox Escape Vulnerability

A remote code execution vulnerability exists in NocoBase plugin-workflow-javascript versions up to 2.0.23 due to a sandbox escape in the createSafeConsole function, allowing unauthenticated attackers to potentially execute arbitrary code on the server.

exploited nocobase rce sandbox-escape cve-2026-6224

2r 1t 1c 2w ago

high advisory

NocoBase SQL Injection via Missing Validation on Update Endpoint

2 rules 1 TTP

A SQL injection vulnerability exists in nocobase plugin-collection-sql versions 2.0.32 and earlier due to missing validation on the sqlCollection:update endpoint, allowing attackers with collection management permissions to execute arbitrary SQL queries and exfiltrate data.

plugin-collection-sql sql-injection web-application nocobase

2r 1t Jan 24, 2024

critical advisory

NocoBase SQL Injection via Recursive Eager Loading

2 rules 4 TTPs

NocoBase versions 2.0.32 and earlier are vulnerable to SQL injection due to string concatenation in the `queryParentSQL()` function, allowing attackers with record creation permissions to inject arbitrary SQL and potentially extract sensitive information or execute commands.

NocoBase sqli cve-2026-41640 injection

2r 4t Jan 3, 2024