Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

289 New today

64,988 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 6.9

NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints_CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from ...

CVE-2026-47279 nocodb nocodb < 2026.05.1

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-46554	NocoDB: Stale Auth Cache After API Token Deletion_CVE-2026-46554 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their ca...	nocodb	nocodb < 2026.04.4	Jun 23, 2026	CVE
LOW 2.1	CVE-2026-46553	NocoDB: Attachment Size Limit Bypass via Upload-by-URL_CVE-2026-46553 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE agai...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 5.8	CVE-2026-46552	NocoDB: Shared-base link access can invite arbitrary users as persistent base members_CVE-2026-46552 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities ...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-46551	NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion_CVE-2026-46551 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC...	nocodb	nocodb < 2026.04.4	Jun 23, 2026	CVE
MEDIUM 5.4	CVE-2026-46550	NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags_CVE-2026-46550 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing bot...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
LOW 2	CVE-2026-46549	NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation_CVE-2026-46549 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_reso...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-46548	NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)_CVE-2026-46548 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in th...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 6.1	CVE-2026-46547	NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL_CVE-2026-46547 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning pag...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
HIGH 8.8	CVE-2026-41862	CVE-2026-41862_CVE-2026-41862 Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enfo...	Spring	Spring Statemachine 4.0.0	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints_CVE-2026-47279

Recent Advisories

NocoDB: Stale Auth Cache After API Token Deletion_CVE-2026-46554

NocoDB: Attachment Size Limit Bypass via Upload-by-URL_CVE-2026-46553

NocoDB: Shared-base link access can invite arbitrary users as persistent base members_CVE-2026-46552

NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion_CVE-2026-46551

NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags_CVE-2026-46550

NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation_CVE-2026-46549

NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)_CVE-2026-46548

NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL_CVE-2026-46547

CVE-2026-41862_CVE-2026-41862

Protect Your Attack Surface with RedGem

Security Intelligence
Feed