Nocodb

30 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.02%
  • Published 28.01.2026 20:36:23
  • Last modified 04.02.2026 20:01:56

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a stored cross-site scripting (XSS) vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing emb...

Exploit
  • EPSS 0.02%
  • Published 28.01.2026 20:32:03
  • Last modified 04.02.2026 20:04:07

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the `continueAfterSignIn` parameter. During authenti...

Exploit
  • EPSS 0.01%
  • Published 28.01.2026 20:29:29
  • Last modified 04.02.2026 20:05:20

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the `uploadViaURL` functionality due to an unprotected `HEAD` request. While the subsequent file r...

Exploit
  • EPSS 0.12%
  • Published 28.01.2026 20:27:42
  • Last modified 04.02.2026 20:06:08

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write o...

Exploit
  • EPSS 0.71%
  • Published 06.03.2025 19:15:27
  • Last modified 26.08.2025 18:52:47

NocoDB is software for building databases as spreadsheets. The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site-Scripting. The endpoint /api/v1/db/auth/password/reset/:tokenId is vulnerable to Reflected Cross-...

Exploit
  • EPSS 0.23%
  • Published 14.05.2024 14:17:02
  • Last modified 26.08.2025 18:52:19

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped `table_name`. This vulnerability may result in leakage...

Exploit
  • EPSS 0.95%
  • Published 14.05.2024 14:17:01
  • Last modified 26.08.2025 18:52:30

NocoDB is software for building databases as spreadsheets. Starting in version 0.202.6 and prior to version 0.202.10, an attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be execut...

Exploit
  • EPSS 1.37%
  • Published 14.05.2024 14:06:05
  • Last modified 26.08.2025 18:52:39

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html t...

Exploit
  • EPSS 0.26%
  • Published 17.10.2023 21:15:46
  • Last modified 26.08.2025 18:50:51

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to ...

Exploit
  • EPSS 0.82%
  • Published 21.09.2023 09:15:10
  • Last modified 26.08.2025 18:50:51

Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.