3 matches found
CVE-2026-47379 NocoDB: Plaintext Password Comparison in Shared Views
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...
CVE-2026-53927 NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16,...
CVE-2026-28358 NocoDB: User Enumeration via Password Reset Endpoint
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3...