| CVE-2026-46552 | medium | — | 5.5 | 6d ago | NocoDB: Shared-base link access can invite arbitrary users as persistent base members |
| CVE-2026-46551 | medium | — | 5.5 | 6d ago | NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion |
| CVE-2026-46550 | medium | — | 5.5 | 6d ago | NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags |
| CVE-2026-46548 | medium | — | 5.5 | 6d ago | NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) |
| CVE-2026-46547 | medium | — | 5.5 | 6d ago | NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL |
| CVE-2026-46554 | low | — | 2.5 | 6d ago | NocoDB: Stale Auth Cache After API Token Deletion |
| CVE-2026-46553 | low | — | 2.5 | 6d ago | NocoDB: Attachment Size Limit Bypass via Upload-by-URL |
| CVE-2026-46549 | low | — | 2.5 | 6d ago | NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation |
| CVE-2026-28401 | unknown | — | — | 3mo ago | NocoDB Vulnerable to Stored Cross-Site Scripting via Rich Text Cells |
| CVE-2026-28397 | unknown | — | — | 3mo ago | NocoDB Vulnerable to Stored Cross-site Scripting via Comments |
| CVE-2026-28399 | unknown | — | — | 3mo ago | NocoDB Vulnerable to SQL Injection via DATEADD Formula |
| CVE-2026-28398 | unknown | — | — | 3mo ago | NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells |
| CVE-2026-28361 | unknown | — | — | 3mo ago | NocoDB Missing Ownership Validation in MCP Token Operations |
| CVE-2026-28396 | unknown | — | — | 3mo ago | NocoDB's Refresh Tokens Not Revoked on Password Reset |
| CVE-2026-28360 | unknown | — | — | 3mo ago | NocoDB has Plaintext Storage of Shared View Passwords |
| CVE-2026-28359 | unknown | — | — | 3mo ago | NocoDB Vulnerable to Stored Cross-site Scripting via Rich Text Field |
| CVE-2026-28358 | unknown | — | — | 3mo ago | NocoDB Vulnerable to User Enumeration via Password Reset Endpoint |
| CVE-2026-28357 | unknown | — | — | 3mo ago | NocoDB has Stored Cross-site Scripting via Formula Cell |
| CVE-2026-24766 | unknown | — | — | 4mo ago | NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS |
| CVE-2026-24767 | unknown | — | — | 4mo ago | NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality |
| CVE-2026-24768 | unknown | — | — | 4mo ago | NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter |
| CVE-2026-24769 | unknown | — | — | 4mo ago | NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload |
| CVE-2025-27506 | unknown | — | — | 1y ago | NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page |
| CVE-2023-49781 | unknown | — | — | 2y ago | NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue |
| CVE-2023-50718 | unknown | — | — | 2y ago | NocoDB SQL Injection vulnerability |
| CVE-2023-50717 | unknown | — | — | 2y ago | NocoDB Allows Preview of Files with Dangerous Content |
| CVE-2023-43794 | unknown | — | — | 3y ago | nocodb SQL Injection vulnerability |
| CVE-2023-5104 | unknown | — | — | 3y ago | Improper Input Validation in nocodb |
| CVE-2022-3423 | unknown | — | — | 4y ago | NocoDB vulnerable to Denial of Service |
| CVE-2022-2079 | unknown | — | — | 4y ago | Cross-site Scripting in NocoDB |
| CVE-2022-2063 | unknown | — | — | 4y ago | Improper Privilege Management in NocoDB |
| CVE-2022-2064 | unknown | — | — | 4y ago | Insufficient Session Expiration in NocoDB |
| CVE-2022-2062 | unknown | — | — | 4y ago | NocoDB information disclosure vulnerability |