Lucene search
K

4 matches found

NVD
NVD
added 2026/06/23 9:16 p.m.6 views

CVE-2026-46548

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather th...

4.3CVSS0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:41 p.m.19 views

CVE-2026-46548

NocoDB (CVE-2026-46548 ) exhibits an SSRF protection bypass in the notification webhook plugins for Slack, Discord, Mattermost, and Teams. Root cause: in the affected code paths, the httpAgent/httpsAgent were incorrectly placed in the request body of axios.post instead of the config argument, all...

4.3CVSS6AI score0.00176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42674

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description The request-filtering-agent Server-Side Request Forgery SSRF protection is non-functional in the Slack, Discord, Mattermost, and Teams notification webhook plugins. This occurs because the httpAge...

4.3CVSS5.9AI score0.00176EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.8 views

PT-2026-42584

Summary The request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather than the axios config. An authenticated user with hook-creation permissio...

4.3CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder