11 matches found
CVE-2023-5104
Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.
CVE-2023-43794
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL qu...
CVE-2022-2339
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
CVE-2022-2079
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-2022
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.
CVE-2022-3423
Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.
CVE-2022-2064
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-22121
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens ...
CVE-2022-2063
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-22120
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the r...
CVE-2022-2062
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+.