VIR Vulnerability Intelligence Relay

Package impact

npm NPM / nocodb

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-46552 medium 5.5 8d ago NocoDB: Shared-base link access can invite arbitrary users as persistent base members
CVE-2026-46551 medium 5.5 8d ago NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
CVE-2026-46550 medium 5.5 8d ago NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
CVE-2026-46548 medium 5.5 8d ago NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
CVE-2026-46547 medium 5.5 8d ago NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
CVE-2026-46554 low 2.5 8d ago NocoDB: Stale Auth Cache After API Token Deletion
CVE-2026-46553 low 2.5 8d ago NocoDB: Attachment Size Limit Bypass via Upload-by-URL
CVE-2026-46549 low 2.5 8d ago NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation