Lucene search
K

4 matches found

NVD
NVD
added 2026/06/23 9:17 p.m.10 views

CVE-2026-47384

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...

5.3CVSS0.00306EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:15 p.m.23 views

CVE-2026-47384

CVE-2026-47384 – NocoDB SQL Injection via Column Title in Bulk GroupBy : An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column title to a SQL fragment. The vulnerable code path builds three database-specific knex.raw() aggregations t...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 8:15 p.m.3 views

CVE-2026-47384 NocoDB: SQL Injection via Column Title in Bulk GroupBy

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...

5.3CVSS5.9AI score0.00306EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 8:15 p.m.31 views

CVE-2026-47384 NocoDB: SQL Injection via Column Title in Bulk GroupBy

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...

5.3CVSS0.00306EPSS
Exploits0References1
Rows per page
Query Builder