NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack....
5.7CVSS
6AI Score
0.0004EPSS
NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...
7.3CVSS
5.7AI Score
0.0004EPSS
NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name. This vulnerability may result in leakage of sensitive data in the database. Version...
6.5CVSS
6.6AI Score
0.0004EPSS
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...
6.5CVSS
5.3AI Score
0.001EPSS
6.5CVSS
5.9AI Score
0.0005EPSS
Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to...
7.3CVSS
6.4AI Score
0.001EPSS
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the...
7.5CVSS
7.5AI Score
0.056EPSS
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to...
7.5CVSS
7.5AI Score
0.001EPSS
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive...
7.5CVSS
7.2AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.002EPSS
5.4CVSS
5.3AI Score
0.001EPSS
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the.....
5.3CVSS
5.3AI Score
0.001EPSS
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens....
8CVSS
7.7AI Score
0.001EPSS