Missing Authorization

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Missing Authorization via the AclMiddleware in the request authorization path. An attacker can invite users or enumerate base members by sending userInvite or baseUserList requests from a shared-base session. This...

NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members

NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

Allocation of Resources Without Limits or Throttling

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AttachmentsService upload-by-URL path in the attachment handling code. An attacker can exhaust storage or processing resources by providing a remote fil...

CVE-2026-48213

creationtimestamp| type| source ---|---|--- 2026-05-21 19:22:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmf5ebuiop2c...

Exploit for Link Following in Microsoft

🛡️ CVE-2026-41091 - RedSun Microsoft Defender Elevation...

CVE-2026-48235

creationtimestamp| type| source ---|---|--- 2026-05-21 19:00:31+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmf45erzqv2g...

CVE-2026-48243

creationtimestamp| type| source ---|---|--- 2026-05-21 18:55:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmf3u2gu672i...

EUVD-2026-31307

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...

CVE-2026-9089

creationtimestamp| type| source ---|---|--- 2026-05-21 17:00:47+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmevhbebbr2e...

CVE-2025-13479

creationtimestamp| type| source ---|---|--- 2026-05-21 16:43:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmeuib5uav2n...

CVE-2026-43499

creationtimestamp| type| source ---|---|--- 2026-05-21 15:55:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmerscvff72i...

MAL-2026-4704 Malicious code in veteran-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...

Malicious code in veteran-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...

CVE-2025-71212

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2026-45251

creationtimestamp| type| source ---|---|--- 2026-05-21 13:38:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmek56jpnp2t 2026-06-01 06:06:18+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3mn7fz2lxnx2q 2026-06-01 14:11:09+00:00| seen|...

CVE-2026-9157

creationtimestamp| type| source ---|---|--- 2026-05-21 13:33:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmeju7x43d2o...

CVE-2026-5433

creationtimestamp| type| source ---|---|--- 2026-05-21 13:28:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmejlbg5wi2v...

CVE-2026-42002

creationtimestamp| type| source ---|---|--- 2026-05-21 13:13:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmeiqfn6rr2o 2026-05-25 06:30:59+00:00| seen| https://bsky.app/profile/shiojiri.com/post/3mmnu4shov22n 2026-05-28 04:01:07+00:00| seen|...

CVE-2025-71212

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...

CVE-2025-71212

CVE-2025-71212 affects Trend Micro Apex One Virus Scan Engine. A local attacker who can run low-privileged code can exploit a link-following weakness to escalate privileges via the VSApiNt.sys driver, as described by ZDI and mirrored in NVD. The vulnerability exists in the scan engine and can lea...