23 matches found
GHSA-96FH-M4R8-6V9V NocoDB: Cross-Workspace Integration Use in Connection Test
Summary A user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. Details The connection-test endpoint...
PT-2026-46999
Summary A user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. Details The connection-test endpoint...
CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
CVE-2026-28399
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...
GHSA-45RP-9P97-H852 NocoDB Vulnerable to SQL Injection via DATEADD Formula
Summary An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details The third argument unit of DATEADD was interpolated directly into knex.raw queries after only stripping quote characters. Validation in formulas.ts only checked Literal AST...
NocoDB Vulnerable to SQL Injection via DATEADD Formula
Summary An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details The third argument unit of DATEADD was interpolated directly into knex.raw queries after only stripping quote characters. Validation in formulas.ts only checked Literal AST...
GHSA-VX5P-Q85X-XM3C NocoDB has Stored Cross-site Scripting via Formula Cell
Summary A stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. Details The replaceUrlsWithLink function in urlUtils.ts converts URI::url patterns to tags but passes a...
SQL Injection
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection via the DATEADD formula's unit parameter. An attacker with the Creator role can execute arbitrary SQL commands by supplying crafted input to this parameter. Remediation Upgrade nocodb to version 0.301.3 ...
CVE-2026-28399
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...
CVE-2026-28399
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...
CVE-2026-28399 NocoDB: SQL Injection via DATEADD Formula
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...
CVE-2026-28399 NocoDB: SQL Injection via DATEADD Formula
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...
EUVD-2026-9214
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...
CVE-2026-28399
NocoDB prior to 0.301.3 allows an authenticated user with Creator role to inject arbitrary SQL via the DATEADD formula’s unit parameter. The vulnerability affects NocoDB installations using DATEADD with the unit parameter and could lead to arbitrary SQL execution with the user’s privileges, poten...
PT-2026-22636
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.301.3 Description NocoDB is software for building databases as spreadsheets. An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. The issue affects versions prior...
CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...
PT-2026-5360
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.26.4 Description Budibase is a low code platform used for building internal tools, workflows, and admin panels. A Creator-level user, normally lacking UI permissions to invite users, can manipulate API requests to...
CVE-2024-12114
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...
CVE-2024-12114
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...