Nocodb

59 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 0.27%
  • Published 28.01.2026 20:32:03
  • Last modified 04.02.2026 20:04:07

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the `continueAfterSignIn` parameter. During authenti...

Exploit
  • EPSS 0.2%
  • Published 28.01.2026 20:29:29
  • Last modified 04.02.2026 20:05:20

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the `uploadViaURL` functionality due to an unprotected `HEAD` request. While the subsequent file r...

Exploit
  • EPSS 0.35%
  • Published 28.01.2026 20:27:42
  • Last modified 04.02.2026 20:06:08

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write o...

Exploit
  • EPSS 0.68%
  • Published 06.03.2025 19:15:27
  • Last modified 26.08.2025 18:52:47

NocoDB is software for building databases as spreadsheets. The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site-Scripting. The endpoint /api/v1/db/auth/password/reset/:tokenId is vulnerable to Reflected Cross-...

Exploit
  • EPSS 0.7%
  • Published 14.05.2024 14:17:02
  • Last modified 26.08.2025 18:52:19

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped `table_name`. This vulnerability may result in leakage...

Exploit
  • EPSS 0.57%
  • Published 14.05.2024 14:17:01
  • Last modified 26.08.2025 18:52:30

NocoDB is software for building databases as spreadsheets. Starting in version 0.202.6 and prior to version 0.202.10, an attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be execut...

Exploit
  • EPSS 0.61%
  • Published 14.05.2024 14:06:05
  • Last modified 26.08.2025 18:52:39

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html t...

Exploit
  • EPSS 0.79%
  • Published 17.10.2023 21:15:46
  • Last modified 26.08.2025 18:50:51

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to ...

Exploit
  • EPSS 0.64%
  • Published 21.09.2023 09:15:10
  • Last modified 26.08.2025 18:50:51

Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.

Exploit
  • EPSS 8.95%
  • Published 19.06.2023 18:15:09
  • Last modified 12.12.2024 01:24:18

NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attack...