Lucene search
K

5 matches found

Snyk
Snyk
added 2026/06/05 4:19 p.m.5 views

SQL Injection

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection via the bulk groupBy. An authenticated attacker can execute arbitrary SQL commands by setting a column's title to a crafted SQL fragment, which is then interpolated into a database query without proper...

8.8CVSS6.2AI score0.00306EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 4:4 p.m.7 views

User Impersonation

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to User Impersonation via the testConnection endpoint when the integration is fetched in a bypass scope and permission checks are insufficiently scoped to the integration's workspace. An attacker can gain unauthorized...

6.9CVSS5.4AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 4:3 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the public shared-view endpoints, which exposed values from columns that were intended to be hidden. An attacker can access sensitive information by crafting reques...

6.9CVSS5.3AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 3:52 p.m.5 views

Access Control Bypass

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Access Control Bypass via the publicMmList, publicHmList, relDataList, and nested endpoints when the show flag for a column is not properly checked. An attacker can access hidden linked records by supplying a valid...

6.9CVSS5.3AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/02 6:36 p.m.2 views

SQL Injection

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection via the DATEADD formula's unit parameter. An attacker with the Creator role can execute arbitrary SQL commands by supplying crafted input to this parameter. Remediation Upgrade nocodb to version 0.301.3 ...

8.8CVSS6.2AI score0.00319EPSS
Exploits0References2
Rows per page
Query Builder