17 matches found
CVE-2026-47384
CVE-2026-47384 – NocoDB SQL Injection via Column Title in Bulk GroupBy: An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column title to a SQL fragment. The vulnerable code path builds three database-specific knex.raw() aggregations t...
CVE-2026-47384 NocoDB: SQL Injection via Column Title in Bulk GroupBy
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...
CVE-2026-47384
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...
NocoDB: SQL Injection via Column Title in Bulk GroupBy
Summary: An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. Details: The bulk groupBy path in group-by.ts builds three database-specific knex.raw aggregations that interpolate the request's columnname...
GHSA-P8WX-5F39-W3X4 NocoDB: SQL Injection via Column Title in Bulk GroupBy
Summary: An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. Details: The bulk groupBy path in group-by.ts builds three database-specific knex.raw aggregations that interpolate the request's columnname...
SQL Injection
Overview: nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection via the bulk groupBy. An authenticated attacker can execute arbitrary SQL commands by setting a column's title to a crafted SQL fragment, which is then interpolated into a database query without proper...
PT-2026-47082
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.05.1. Description: An authenticated user with column-create permissions can perform SQL injection by setting a column title to a SQL fragment. This occurs because the bulk groupBy endpoint '/bulk groupBy' in...
EUVD-2022-3559
Malicious code in bioql PyPI...
SUSE CVE-2020-12245
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...
The vulnerability of the components column.title and cellLinkTooltip in the Grafana data visualization web tool allows a hacker to exploit their privileges.
The vulnerability of the column.title and cellLinkTooltip components of the Grafana data visualization web tool is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
GHSA-CCMG-W4XM-P28V Grafana XSS in header column rename
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...
grafana: XSS via column.title or cellLinkTooltip
A flaw was found in grafana. A XSS is possible in table-panel via column.title or cellLinkTooltip...
The vulnerability of the components column.title and cellLinkTooltip in the Grafana data visualization web tool allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the column.title and cellLinkTooltip components of the Grafana data visualization web tool is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting XSS attacks remotely...
grafana: XSS via column.title or cellLinkTooltip
A flaw was found in grafana. A XSS is possible in table-panel via column.title or cellLinkTooltip...
grafana: XSS via column.title or cellLinkTooltip
A flaw was found in grafana. A XSS is possible in table-panel via column.title or cellLinkTooltip...
CVE-2020-12245
A flaw was found in grafana. A XSS is possible in table-panel via column.title or cellLinkTooltip...
UBUNTU-CVE-2020-12245
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip...