| CVE-2026-46554 |
low |
— |
2.5 |
|
|
|
15d ago |
NocoDB: Stale Auth Cache After API Token Deletion |
| CVE-2026-46553 |
low |
— |
2.5 |
|
|
|
15d ago |
NocoDB: Attachment Size Limit Bypass via Upload-by-URL |
| CVE-2026-46549 |
low |
— |
2.5 |
|
|
|
15d ago |
NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation |
| CVE-2026-47388 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Missing Ownership Check in MCP Attachment Read |
| CVE-2026-47387 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Stored Cross-Site Scripting via Form View Redirect URL |
| CVE-2026-47386 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: OAuth Authorization Code Race Condition |
| CVE-2026-47385 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Path Traversal via SQLite Source Filename |
| CVE-2026-47384 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: SQL Injection via Column Title in Bulk GroupBy |
| CVE-2026-47383 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Stored Cross-Site Scripting via Row Comments |
| CVE-2026-47382 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Server-Side Request Forgery via Database Connection Host |
| CVE-2026-47381 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Cross-Workspace Integration Use in Connection Test |
| CVE-2026-47380 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: User Enumeration via Sign-In Timing |
| CVE-2026-47379 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Plaintext Password Comparison in Shared Views |
| CVE-2026-47378 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Hidden Column Exposure in Public Shared View Endpoints |
| CVE-2026-47377 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin |
| CVE-2026-47376 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Reflected Cross-Site Scripting via Password Reset Token |
| CVE-2026-47375 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT` |
| CVE-2026-47279 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints |
