Lucene search
K

4 matches found

CVE
CVE
added 2026/06/23 8:34 p.m.19 views

CVE-2026-47378

CVE-2026-47378 concerns NocoDB, where before 2026.04.1 public shared-view endpoints could expose hidden-column values through three paths: (1) groupBy could return raw values for any column named in the request, (2) filter and sort arrays operated on hidden columns allowed boolean-blind extractio...

6.9CVSS6AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:18 p.m.20 views

CVE-2026-47279

NocoDB's CVE-2026-47279 describes an Access Control problem in public shared-view relation endpoints (LTAR columns). Before patch 2026.05.1, endpoints accepted a caller-supplied column ID without verifying the column’s visibility, allowing anyone with a share UUID to read links from hidden LTAR c...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:18 p.m.5 views

CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/05 3:52 p.m.6 views

GHSA-9WGH-M22W-9XJ8 NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints

Summary The public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on the view's table — including columns the view owner had hidden. Details...

6.9CVSS5.5AI score0.00239EPSS
Exploits0References3
Rows per page
Query Builder