Lucene search
+L

5 matches found

nvd
nvd
added 2026/06/23 9:16 p.m.10 views

CVE-2026-47379

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...

6.9CVSS0.00253EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/23 8:17 p.m.5 views

CVE-2026-47381

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check...

6.9CVSS5.9AI score0.00313EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/23 8:15 p.m.5 views

CVE-2026-47383

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

7.4CVSS5.9AI score0.00288EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/23 8:11 p.m.6 views

CVE-2026-47387

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS5.9AI score0.00234EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/23 8:11 p.m.4 views

CVE-2026-47387 NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS6AI score0.00234EPSS
Exploits0References3
Rows per page
Query Builder