Lucene search
K

4565 matches found

NVD
NVD
added 2026/06/23 9:17 p.m.9 views

CVE-2026-53930

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse file:, ftp:, etc. and probing of internal HTTP...

5.1CVSS0.00288EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:42 p.m.6 views

CVE-2026-53930

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse file:, ftp:, etc. and probing of internal HTTP...

5.1CVSS5.9AI score0.00288EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 7:42 p.m.25 views

CVE-2026-53930 NocoDB: Server-Side Request Forgery via Base Migration URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse file:, ftp:, etc. and probing of internal HTTP...

5.1CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 7:42 p.m.13 views

CVE-2026-53930

The CVE describes a Server-Side Request Forgery in NocoDB via the base-migration endpoint. A caller-supplied migration URL could be dereferenced by the migration worker without enforcing protocol or destination, enabling scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. ...

5.1CVSS5.9AI score0.00288EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/23 5:1 p.m.5 views

Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft

Migration URL validation bypass via HTTP redirect to blocked internal endpoints Summary A Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...

8.7CVSS6AI score0.00384EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/23 5:1 p.m.4 views

GHSA-G2F5-GJR4-QJVM Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft

Migration URL validation bypass via HTTP redirect to blocked internal endpoints Summary A Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...

8.7CVSS6AI score0.00384EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.6 views

PT-2026-51623

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description A Server-Side Request Forgery SSRF issue exists in the repository migration functionality. The application validates the hostname of the initially submitted URL against a blocklist of local and...

8.7CVSS5.9AI score0.00384EPSS
Exploits0References13
OSV
OSV
added 2026/06/22 10:57 p.m.2 views

GHSA-GHMH-JHMJ-WCMF nebula-mesh's stores enrollment tokens unhashed in SQLite

internal/store/sqlite.go:1177,1192,1221,1245 — the enrollmenttokens.token column holds the raw UUID token. ConsumeToken does WHERE token = ? against the raw string. Compare with operatorapikeys.keyhash, which is SHA-256 hex constructed in internal/api/middleware.go:51-53. Affected All released...

7.1CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.6 views

@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Description Summary @tinacms/cli contains a Remote Code Execution vulnerability in its Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified collection JSON. User-supplied label and name fiel...

7.8CVSS6.2AI score0.0017EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration The lrugenmigratemm function assumes that lrugenaddmm runs before it. This assumption is not true in the following scenario: CPU 1 CPU 2 clone cgroupcanfork cgroupprocswrite...

5.5CVSS6.1AI score0.00192EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fixed the TLBI RANGE operand KVM/arm64 relies on the TLBI RANGE feature to flush TLBs when the dirty pages are collected by the VMM and the page table entries become write-protected during live migration. Unfortunatel...

5.5CVSS6AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark the target gfn of the emulated atomic instruction as dirty. When emulating an atomic access on behalf of the guest, mark the target gfn as dirty if the CMPXCHG instruction attempts to execute but fails without...

5.5CVSS6AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel before version 5.10. The file drivers/infiniband/core/ucma.c contains a use-after-free, as the context of the ctx variable is accessed through ctxlist in certain situations where ucmamigrateid is called, specifically when ucmaclose is invoked. This issue...

7.8CVSS6.5AI score0.01476EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: The issue where the isbpfmigrationdisabled function returned a false negative result when config PREEMPTRCU was not enabled was fixed. Since the commit 8e4f0b1ebcf2 “bpf: use rcureadlockdontmigrate for trampoline.c”, th...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fixed a warning during rehash As previously explained, the rehash process delays the migration of filters from one region to another. This is done by iterating over all chunks all filters with the same...

5.5CVSS6.1AI score0.00224EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: Do not read mapcount for migration entries The syzbot reported the following bug: Kernel bug at include/linux/page-flags.h: 785 Invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 1; PID: 4392; Comm: syz-executor560...

5.5CVSS5.7AI score0.00289EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue of tagging the “gcing” flag on the page during block migration. It is necessary to add the missing “gcing” flag on the page during block migration, in order to ensure that the migrated data is persisted duri...

7.1CVSS5.8AI score0.00251EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fixed a possible use-after-free during rehash. The rehash process delays the migration of filters from one region to another based on the number of available credits. If the number of credits is...

8.8CVSS5.9AI score0.00935EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: The srcfolio field was changed after ensuring it was not pinned in the UFFDIOMOVE operation. The commit d7a08838ab74 “mm: userfaultfd: fix unexpected changes to srcfolio when UFFDIOMOVE fails” changed the value of...

5.5CVSS6AI score0.00227EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue tasks on CPUs excluded from cpusmask. The following warning was triggered on a large machine during boot time in a distribution kernel; the same issue should also affect the mainline version of the...

5.5CVSS5.7AI score0.00203EPSS
Exploits0References2
Rows per page
Query Builder