Lucene search
+L

6 matches found

NVD
NVD
added 2026/06/23 9:17 p.m.11 views

CVE-2026-53929

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stor...

5.1CVSS0.00288EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 7:44 p.m.3 views

CVE-2026-53929 NocoDB: Stored Cross-Site Scripting via Secure Attachment

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stor...

5.1CVSS5.9AI score0.00288EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 7:44 p.m.19 views

CVE-2026-53929

NocoDB (pre-2026.05.1) is affected by a Stored Cross-Site Scripting vulnerability when NC_SECURE_ATTACHMENTS=true. An authenticated uploader could deliver .html or .svg attachments that the browser renders inline from the NocoDB origin due to a header-key casing mismatch (ResponseContentDispositi...

5.1CVSS5.8AI score0.00288EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/17 2:7 p.m.15 views

NocoDB: Stored Cross-Site Scripting via Secure Attachment

Summary With NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. Details The signed attachment handler stored response-header overrides under PascalCase keys...

5.1CVSS5.3AI score0.00288EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50475

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description When NC SECURE ATTACHMENTS is set to true, an authenticated uploader can upload .html or .svg attachments that the browser renders inline from the NocoDB origin instead of forcing a download. This...

5.1CVSS5.7AI score0.00288EPSS
Exploits0References5
Citrix
Citrix
added 2017/02/14 12:0 a.m.8 views

How to Enable App Interaction Between XenMobile Secure Mail and Microsoft Office Apps

This document will help you understand how the XenMobile managed Secure Mail application will use Microsoft Office application to open the attachments in a controlled and secured manner. Environment Machine| Details ---|--- Active Directory| Win 2012 Certificate Authority| NA SQL Database| MS SQL...

7.5AI score
Exploits0
Rows per page
Query Builder