Lucene search
K

6 matches found

NVD
NVD
added 2026/06/23 9:17 p.m.9 views

CVE-2026-47387

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:11 p.m.6 views

CVE-2026-47387

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS5.9AI score0.00234EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 8:11 p.m.31 views

CVE-2026-47387 NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

8.4CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:11 p.m.33 views

CVE-2026-47387

NocoDB (the issue CVE-2026-47387) has a stored XSS due to the shared form-view redirect_url handling. The vulnerable sink in packages/nc-gui/composables/useSharedFormViewStore.ts validates only string/non-empty redirect_url and fails to validate URL schemes, causing non-network schemes (e.g., jav...

8.4CVSS5.9AI score0.00234EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/07/29 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2128)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.3AI score0.03425EPSS
Exploits4References2
curl security advisories
curl security advisories
added 2022/04/27 8:0 a.m.73 views

Credential leak on redirect

curl follows HTTPS redirects when asked to. curl also supports authentication. When a user and password are provided for a URL with a given hostname, curl makes an effort to not pass on those credentials to other hosts in redirects unless given permission with a special option. This "same host...

5.7CVSS6.1AI score0.01595EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder