Lucene search
K

4 matches found

NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-46551

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to downloa...

6.5CVSS0.00235EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/09 2:44 a.m.10 views

SUSE CVE-2026-24767

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery SSRF vulnerability exists in the uploadViaURL functionality due to an unprotected HEAD request. While the subsequent file retrieval logic correctly enforces SSRF protections, t...

6.4CVSS5.9AI score0.00198EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/28 8:29 p.m.7 views

EUVD-2026-4871

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery SSRF vulnerability exists in the uploadViaURL functionality due to an unprotected HEAD request. While the subsequent file retrieval logic correctly enforces SSRF protections, t...

4.9CVSS5.9AI score0.00198EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.5 views

PT-2026-5219

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.301.0 Description A Server-Side Request Forgery SSRF issue exists in the uploadViaURL functionality due to an unprotected HEAD request. The initial metadata request executes without validation, allowing limited...

6.4CVSS6AI score0.00198EPSS
Exploits1References10
Rows per page
Query Builder