CVE-2026-41640
- EPSS 1.88%
- Published 07.05.2026 04:16:28
- Last modified 12.05.2026 16:51:23
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds w...
CVE-2026-41641
- EPSS 1.83%
- Published 07.05.2026 04:13:33
- Last modified 07.05.2026 20:23:22
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is...
CVE-2026-40346
- EPSS 0.38%
- Published 18.04.2026 00:16:38
- Last modified 13.05.2026 20:53:48
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-...
CVE-2026-34825
- EPSS 0.41%
- Published 02.04.2026 19:06:07
- Last modified 10.04.2026 15:16:03
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue() w...
CVE-2026-34156
- EPSS 36.5%
- Published 31.03.2026 13:33:11
- Last modified 07.04.2026 20:57:55
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom requ...