| CVE-2026-46552 |
medium |
— |
5.5 |
|
|
|
15d ago |
NocoDB: Shared-base link access can invite arbitrary users as persistent base members |
| CVE-2026-46551 |
medium |
— |
5.5 |
|
|
|
15d ago |
NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion |
| CVE-2026-46550 |
medium |
— |
5.5 |
|
|
|
15d ago |
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags |
| CVE-2026-46548 |
medium |
— |
5.5 |
|
|
|
15d ago |
NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) |
| CVE-2026-46547 |
medium |
— |
5.5 |
|
|
|
15d ago |
NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL |
| CVE-2026-47388 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Missing Ownership Check in MCP Attachment Read |
| CVE-2026-47387 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Stored Cross-Site Scripting via Form View Redirect URL |
| CVE-2026-47386 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: OAuth Authorization Code Race Condition |
| CVE-2026-47385 |
unknown |
— |
— |
|
|
|
3h ago |
NocoDB: Path Traversal via SQLite Source Filename |
| CVE-2026-47384 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: SQL Injection via Column Title in Bulk GroupBy |
| CVE-2026-47383 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: Stored Cross-Site Scripting via Row Comments |
| CVE-2026-47382 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: Server-Side Request Forgery via Database Connection Host |
| CVE-2026-47381 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: Cross-Workspace Integration Use in Connection Test |
| CVE-2026-47380 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: User Enumeration via Sign-In Timing |
| CVE-2026-47379 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: Plaintext Password Comparison in Shared Views |
| CVE-2026-47378 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: Hidden Column Exposure in Public Shared View Endpoints |
| CVE-2026-47377 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin |
| CVE-2026-47376 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: Reflected Cross-Site Scripting via Password Reset Token |
| CVE-2026-47375 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: Postgres SQL Injection in Formula `ARRAYSORT` |
| CVE-2026-47279 |
unknown |
— |
— |
|
|
|
4h ago |
NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints |
