Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 3 days ago5 views

CVE-2026-47385

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...

5.3CVSS0.00324EPSS
Exploits0References1
Cvelist
Cvelistadded 3 days ago28 views

CVE-2026-47385 NocoDB: Path Traversal via SQLite Source Filename

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...

5.3CVSS0.00324EPSS
Exploits0References1
CVE
CVEadded 3 days ago35 views

CVE-2026-47385

CVE-2026-47385 (NocoDB) : An authenticated user with base-create permission can attach a SQLite source that points to an arbitrary file on the host, bypassing location restrictions in the SQLite client and base-create services. This can target internal databases (e.g., noco.db or tenant databases...

5.3CVSS6AI score0.00324EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 3 days ago5 views

CVE-2026-47385

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...

5.3CVSS6AI score0.00324EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blogadded 2026/06/05 4:20 p.m.13 views

NocoDB: Path Traversal via SQLite Source Filename

Summary An authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. Details The SQLite client and the base/integration create services accepted a caller-supplied filename and passed it to...

5.3CVSS5.6AI score0.00324EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/06/05 4:20 p.m.6 views

GHSA-WVQJ-9WV4-7FF5 NocoDB: Path Traversal via SQLite Source Filename

Summary An authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. Details The SQLite client and the base/integration create services accepted a caller-supplied filename and passed it to...

5.3CVSS5.6AI score0.00324EPSS
Exploits0References3
Snyk
Snykadded 2026/06/05 4:20 p.m.6 views

Directory Traversal

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Directory Traversal in the process that handles SQLite source filenames. An attacker can gain unauthorized access to or modify internal application data by supplying a crafted filename that points to arbitrary files...

5.4CVSS6.1AI score0.00324EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/05 12:0 a.m.13 views

PT-2026-47083

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description An authenticated user with base-create permission can attach a SQLite source pointing to an arbitrary file on the host, including internal databases. The SQLite client and the base/integration...

5.3CVSS6AI score0.00324EPSS
Exploits0References5
Rows per page
Query Builder