Lucene search
K
VulnrichmentRecent

161701 matches found

Vulnrichment
Vulnrichment
added 2026/06/24 5:33 a.m.7 views

CVE-2026-9179 WP Forms Connector <= 1.8 - Unauthenticated SQL Injection via 'order' Parameter

The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to insufficient escaping on the user-supplied 'order' parameter read directly from $GET'order' into...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/24 5:33 a.m.4 views

CVE-2026-11370 WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter

The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...

6.4CVSS5.9AI score0.00242EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/24 5:33 a.m.5 views

CVE-2026-10092 Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments

The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all versions up to, and including, 1.163 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS6AI score0.00297EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/24 5:33 a.m.5 views

CVE-2026-9175 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'id' Parameter

The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...

5.3CVSS6AI score0.00348EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/24 5:33 a.m.6 views

CVE-2026-9721 Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/24 5:33 a.m.4 views

CVE-2026-10091 Email JavaScript Cloak <= 1.03 - Unauthenticated Stored Cross-Site Scripting

The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

7.2CVSS6AI score0.00264EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/24 5:33 a.m.5 views

CVE-2026-8905 Osiris Signature Banner <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'prepend_text' Parameter

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.8AI score0.00135EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/24 5:33 a.m.5 views

CVE-2026-12100 URL Preview <= 1.0 - Unauthenticated Server-Side Request Forgery via 'url' Parameter

The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be use...

7.2CVSS5.9AI score0.00281EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/24 4:37 a.m.6 views

CVE-2026-9539 libslirp TCP URG OOB Read Information Leak

An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...

6.5CVSS5.9AI score0.00106EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/24 3:40 a.m.7 views

CVE-2026-12851 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.01684EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 3:40 a.m.5 views

CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.0172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 3:40 a.m.5 views

CVE-2026-12849 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.01684EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 3:40 a.m.7 views

CVE-2026-12486 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.0172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 3:34 a.m.6 views

CVE-2026-12848 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS6.2AI score0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 3:34 a.m.25 views

CVE-2026-12847 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS6.2AI score0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 3:34 a.m.5 views

CVE-2026-12846 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS6.2AI score0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 3:34 a.m.5 views

CVE-2026-12485 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS6.2AI score0.00436EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 3:34 a.m.4 views

CVE-2026-12488 GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS5.9AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 2:29 a.m.4 views

CVE-2026-11614 Xpro Addons <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via 'custom_attributes' Parameter of Multiple Widgets

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributes' parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00256EPSS
Exploits0References19
Vulnrichment
Vulnrichment
added 2026/06/24 2:29 a.m.5 views

CVE-2026-3652 ARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' Parameter

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6AI score0.0019EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/24 12:49 a.m.5 views

CVE-2026-12681

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/24 12:17 a.m.5 views

CVE-2026-54639 Style Dictionary - Prototype Pollution in convertTokenData utility function

Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of convertTokenDatatokens, output: 'object' ;; indirect usage, via using Expand API; and/or indirect...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/24 12:0 a.m.6 views

CVE-2025-60467

A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

5.9AI score0.0051EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/24 12:0 a.m.5 views

CVE-2025-60466

A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

5.9AI score0.00121EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/24 12:0 a.m.4 views

CVE-2026-49269

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

5.8AI score0.00303EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/24 12:0 a.m.6 views

CVE-2025-60474

A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

6.1AI score0.00579EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/24 12:0 a.m.4 views

CVE-2025-60473

A NULL pointer dereference in the gffilterinparentchain function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

5.9AI score0.00141EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/24 12:0 a.m.7 views

CVE-2025-60471

A use-after-free in the gffilterpidreconfiguretaskdiscard function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

5.9AI score0.00136EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/24 12:0 a.m.8 views

CVE-2025-60468

GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service local. The component is: filtercore/filterpid.c L:574-580: function gffilterpidinstswapdeletetask improperly accesses freed objects...

5.7AI score0.0013EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/23 11:54 p.m.6 views

CVE-2026-7574 Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use

Anthropic Claude Desktop Cowork VM image handling confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0 validates only file presence and a version marker string before booting rootfs.img, but does not verify image content integrity at time-of-use. A local...

8.7CVSS6.5AI score0.00103EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/23 11:50 p.m.4 views

CVE-2026-5818 MCU Firmware Update Authentication Bypass on Caliptra Core

Incorrect check of function return value in Caliptra Core Runtime Firmware ActivateFirmwareCmd::activatefw modules allows bypass of Caliptra Core's verification of the MCU FW during a hitless update. This issue affects Core Runtime Firmware: from 2.0.0 through 2.0.1, 2.1.0...

7.2CVSS5.8AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 11:49 p.m.7 views

CVE-2026-6458 AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 10:15 p.m.6 views

CVE-2026-12164 Privilege Escalation in Fortra File Integrity Monitoring (FIM)

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...

4.4CVSS5.9AI score0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 10:11 p.m.9 views

CVE-2026-48493 Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 10:9 p.m.5 views

CVE-2026-56785 FlatPress - Stored Cross-Site Scripting via Unescaped Comment and Contact Form Fields

FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in...

8.4CVSS5.9AI score0.00243EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 10:9 p.m.6 views

CVE-2026-54588 Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction.

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTPHOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...

9.6CVSS6AI score0.00312EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 10:7 p.m.4 views

CVE-2026-47693 Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

6.9CVSS5.9AI score0.00229EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 10:6 p.m.5 views

CVE-2026-12163 Stored XSS in Fortra File Integrity Monitoring (FIM)

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting XSS vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields...

5.5CVSS5.7AI score0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 10:2 p.m.6 views

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/23 9:2 p.m.4 views

CVE-2026-54518 jackson-databind: @JsonView bypass for unwrapped creator parameters in jackson-databind

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/23 9:0 p.m.4 views

CVE-2026-50193 jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if and only if the service reads deeply nested 1000s of levels JSON as JsonNode...

6.3CVSS5.8AI score0.00616EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/23 8:59 p.m.4 views

CVE-2026-41862

Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 8:56 p.m.4 views

CVE-2026-54512 jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS5.8AI score0.00617EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/23 8:53 p.m.5 views

CVE-2026-54513 jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...

8.1CVSS5.8AI score0.00695EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/23 8:51 p.m.4 views

CVE-2026-54514 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 8:50 p.m.6 views

CVE-2026-54515 jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/23 8:48 p.m.7 views

CVE-2026-54516 jackson-databind: Renamed @JsonIgnore'd setters can deserialize via private fields

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/23 8:47 p.m.4 views

CVE-2026-54517 jackson-databind: @JsonView bypass for setterless creator properties

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/23 8:42 p.m.6 views

CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters are used in window.location.href and tag bindings without validation, allowing javascript: URI...

6.1CVSS5.9AI score0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 8:41 p.m.4 views

CVE-2026-46548 NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather th...

4.3CVSS6AI score0.00176EPSS
Exploits0References1
Total number of security vulnerabilities161701