74667 matches found
CVE-2026-46552
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email in...
CVE-2026-46553
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...
CVE-2026-47375
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula...
CVE-2026-47376
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS HTML-entity-encodes a fixed set of characters but does not escape single quotes or...
CVE-2026-47377
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace on a path extracted from the URL hash fragment after only checking hashPath.startsWith'/'. Protocol-relative URLs //attacker.com/… also satisfy that...
CVE-2026-47378
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on...
CVE-2026-47380
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...
CVE-2026-46551
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to downloa...
CVE-2026-46554
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. The API token deletion path removed the database row bu...
CVE-2026-47382
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and...
CVE-2026-47279
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...
CVE-2026-47379
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...
CVE-2026-47381
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check...
CVE-2026-47383
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...
CVE-2026-47384
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...
CVE-2026-47385
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...
CVE-2026-47386
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...
CVE-2026-23513
FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...
CVE-2026-47387
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...
CVE-2026-47388
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not...
CVE-2026-53926
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensByUser in the users service is an empty stub being called from passwordChange, passwordForgot, and passwordReset. OAuth access and refresh tokens were not revoked when the user changed, reset, or...
CVE-2026-53927
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16,...
CVE-2026-53928
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...
CVE-2026-12892
A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...
CVE-2026-12891
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...
CVE-2026-11820
A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials apikey and apisecret into URL query parameters and sending them via GET requests. This causes credentials to be exposed in web...
CVE-2026-11819
Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...
CVE-2026-9073
A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...
CVE-2025-64105
FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating relid when reltype=order, an authenticated...
CVE-2026-53929
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stor...
CVE-2026-53930
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse file:, ftp:, etc. and probing of internal HTTP...
CVE-2026-53931
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, s...
CVE-2026-12112
A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...
CVE-2026-11807
A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activationid to receive...
CVE-2026-54327
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only...
CVE-2026-54326
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...
CVE-2026-54328
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...
CVE-2026-54325
Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded...
CVE-2026-54762
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...
CVE-2026-54761
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...
CVE-2026-53622
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...
CVE-2026-48491
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...
CVE-2026-48020
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...
CVE-2026-54555
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...
CVE-2026-45792
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK Rust Token Killer improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An...
CVE-2026-55249
@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...
CVE-2026-55736
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...
CVE-2026-53753
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT...
CVE-2026-53754
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...
CVE-2026-53755
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...