Lucene search

4 matches found

CVE
added 2026/06/23 8:37 p.m. | 18 views

CVE-2026-46553

CVE-2026-46553 affects NocoDB prior to 2026.04.1, where the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against the remote file’s Content-Length or the decoded length of a data: URI. This allowed an authenticated user with upload permissions to bypass the configured per-file size ...

CVSS 5.3 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/23 8:37 p.m. | 7 views

CVE-2026-46553

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...

CVSS 5.3 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 2026/05/21 8:38 p.m. | 21 views

NocoDB: Attachment Size Limit Bypass via Upload-by-URL

Summary: The upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. Details: The attachments service now checks...

CVSS 5.3 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/10/31 12:13 a.m. | 4 views

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...

CVSS 6.5 | AI score 6.8 | EPSS 0.00241
Exploits: 0 | References: 1