6 matches found

NVD
added 2026/06/23 9:17 p.m. · 8 views

CVE-2026-53931

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, s...

CVSS 6.9 · EPSS 0.00295
Exploits: 0 · References: 1

Cvelist
added 2026/06/23 7:41 p.m. · 25 views

CVE-2026-53931 NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, s...

CVSS 6.9 · EPSS 0.00295
Exploits: 0 · References: 1

CVE
added 2026/06/23 7:41 p.m. · 13 views

CVE-2026-53931

NocoDB: Server-Side Request Forgery via the spreadsheet-import endpoint (axiosRequestMake) allowed unauthenticated use as a generic HTTP proxy prior to 2026.05.1, enabling potentially unintended requests to internal destinations. The issue is fixed in 2026.05.1. The GHSA/OSV/PT-Security disclosur...

CVSS 6.9 · AI score 5.9 · EPSS 0.00295
Exploits: 0 · References: 1

Patchstack
added 2026/06/17 2:8 p.m. · 4 views

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

CVSS 6.9 · AI score 5.8 · EPSS 0.00295
Exploits: 0 · References: 2 · Affected Software: 1

Github Security Blog
added 2026/06/17 2:8 p.m. · 12 views

NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint

Summary: The spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, so URLs whose query string ended in .csv for example...

CVSS 6.9 · AI score 5.3 · EPSS 0.00295
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/02/27 12:0 a.m. · 6 views

PT-2024-21158 · Unknown · Product Catalog (Csv

Name of the Vulnerable Software and Affected Versions: Product Catalog CSV, Excel Import simpleimportproduct versions = 6.7.0 Description: A guest can upload files with extensions .php, potentially allowing malicious code execution. Recommendations: For versions = 6.7.0, restrict access to the fi...

CVSS 9.1 · AI score 7.7 · EPSS 0.00789
Exploits: 1 · References: 4