
Github Security Blog
added 2026/01/28 9:41 p.m., 25 views

NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS

Summary: An authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server restart. While the pollution technically bypasses SUPERADMIN authorization...

CVSS 4.9, AI score 5.9, EPSS 0.00348
Exploits 1, References 4, Affected Software 1
NVD
added 2026/01/28 9:16 p.m., 4 views

CVE-2026-24766

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

CVSS 4.9, EPSS 0.00348
Exploits 1, References 1
Vulnrichment
added 2026/01/28 8:27 p.m., 4 views

CVE-2026-24766 NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

CVSS 4.9, AI score 5.9, EPSS 0.00348
Exploits 1, References 1
Cvelist
added 2026/01/28 8:27 p.m., 25 views

CVE-2026-24766 NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

CVSS 4.9, EPSS 0.00348
Exploits 1, References 1
OSV
added 2026/01/28 8:27 p.m., 5 views

CVE-2026-24766 NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

CVSS 4.9, AI score 5.9, EPSS 0.00348
Exploits 1, References 3
CVE
added 2026/01/28 8:27 p.m., 24 views

CVE-2026-24766

NocoDB prior to 0.301.0 is affected by a prototype pollution in /api/v2/meta/connection/test. An authenticated user with org-level-creator permissions can trigger pollution that causes all database write operations to fail until the server is restarted. The issue bypasses SUPER_ADMIN checks but c...

CVSS 4.9, AI score 5.9, EPSS 0.00348
Exploits 1, References 1, Affected Software 1
CNNVD
added 2026/01/28 12:00 a.m., 7 views

NocoDB security vulnerabilities

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.0 contained a security vulnerability. This vulnerability stemmed from a prototype pollution issue in...

CVSS 4.9, AI score 5.9, EPSS 0.00348
Exploits 1, References 2
Vulnrichment
added 2025/12/16 3:27 p.m., 3 views

CVE-2025-68164

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test...

CVSS 2.7, AI score 6.6, EPSS 0.00202
Exploits 0, References 1
EUVD
added 2025/12/16 3:27 p.m., 3 views

EUVD-2025-203766

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test...

CVSS 2.7, AI score 6.4, EPSS 0.00202
Exploits 0, References 1
CVE
added 2025/12/16 3:27 p.m., 9 views

CVE-2025-68164

JetBrains TeamCity is affected when running versions prior to 2025.11.0. CVE-2025-68164 allows port enumeration via the Perforce connection test. The issue is described as a low-severity, network-accessible condition (CVSS 3.1: 2.7; confidentiality impact Low; privileges required High; user inter...

CVSS 2.7, AI score 6.6, EPSS 0.00202
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2025/12/16 12:00 a.m., 5 views

PT-2025-51715

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test...

CVSS 2.7, AI score 7, EPSS 0.00202
Exploits 0, References 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2022-1272

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.0079
Exploits 0, References 4
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-1570

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00523
Exploits 0, References 4
RedhatCVE
added 2025/05/23 3:37 a.m., 11 views

CVE-2023-28672

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 6.5, AI score 6.4, EPSS 0.00509
Exploits 0, References 1
RedhatCVE
added 2025/05/23 1:04 a.m., 8 views

CVE-2022-28143

A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using an attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part ...

CVSS 7.5, AI score 6.5, EPSS 0.00642
Exploits 0, References 1
RedhatCVE
added 2025/02/05 7:30 p.m., 10 views

CVE-2022-0944

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1...

CVSS 9.1, AI score 6.9, EPSS 0.08669
Exploits 12, References 1
VulnCheck KEV
added 2025/01/07 12:00 a.m., 2 views

VulnCheck KEV: CVE-2024-50603

Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for listflightpathdestinationinstances, or srccloudtype for flightpathconnectiontest...

CVSS 10, AI score 7.5, EPSS 0.98545
Exploits 5, References 1
OSV
added 2024/03/06 6:30 p.m., 21 views

GHSA-64C5-R2H5-C2FG Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

CVSS 6.3, AI score 6.4, EPSS 0.00408
Exploits 0, References 4
Github Security Blog
added 2024/03/06 6:30 p.m., 29 views

Jenkins docker-build-step Plugin missing permission check

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...

CVSS 8.8, AI score 6.7, EPSS 0.00826
Exploits 0, References 4, Affected Software 1
Github Security Blog
added 2024/03/06 6:30 p.m., 32 views

Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

CVSS 6.1, AI score 6.8, EPSS 0.00408
Exploits 0, References 4, Affected Software 1