Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21148
Total
1520
Critical
6441
High
6722
Medium
CVE ID Severity Score Description Published
CVE-2026-47387 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler (packages/nc-gui/composables/useSharedFormViewStore.ts) in NocoDB writes the form's redirect_url to window.location.href … Jun 23, 2026
CVE-2026-47386 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a … Jun 23, 2026
CVE-2026-47385 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an … Jun 23, 2026
CVE-2026-47384 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint … Jun 23, 2026
CVE-2026-47383 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when … Jun 23, 2026
CVE-2026-47382 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-supplied database host without … Jun 23, 2026
CVE-2026-47381 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint … Jun 23, 2026
CVE-2026-47380 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch … Jun 23, 2026
CVE-2026-47379 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, … Jun 23, 2026
CVE-2026-47378 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via … Jun 23, 2026
CVE-2026-47377 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace() on a path extracted from the URL hash … Jun 23, 2026
CVE-2026-47376 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset page rendered the URL token directly into a JavaScript string literal in … Jun 23, 2026
CVE-2026-47375 MEDIUM 6.0 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL … Jun 23, 2026
CVE-2026-47279 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the … Jun 23, 2026
CVE-2026-46554 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their cache entry expired, because the … Jun 23, 2026
CVE-2026-46553 UNKNOWN NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length … Jun 23, 2026
CVE-2026-46552 MEDIUM 5.8 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the … Jun 23, 2026
CVE-2026-46551 MEDIUM 6.5 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC_ATTACHMENT_FIELD_SIZE against the … Jun 23, 2026
CVE-2026-46550 MEDIUM 5.4 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing both the secure flag … Jun 23, 2026
CVE-2026-46549 LOW 2.0 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the … Jun 23, 2026
CVE-2026-46548 MEDIUM 4.3 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, … Jun 23, 2026
CVE-2026-46547 MEDIUM 6.1 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and … Jun 23, 2026
CVE-2026-41862 HIGH 8.8 Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which … Jun 23, 2026
CVE-2026-23513 UNKNOWN FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients … Jun 23, 2026
CVE-2026-12892 MEDIUM 4.4 A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, … Jun 23, 2026