Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

294 New today

64,985 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

Jun 24

Critical

High

Medium

Low

Latest

CVE CVSS 2.3

NocoDB: Missing Ownership Check in MCP Attachment Read_CVE-2026-47388

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttach...

CVE-2026-47388 nocodb nocodb < 2026.05.1

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.4	CVE-2026-47387	NocoDB: Stored Cross-Site Scripting via Form View Redirect URL_CVE-2026-47387 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler (packages/nc-gui/composables/use...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-47386	NocoDB: OAuth Authorization Code Race Condition_CVE-2026-47386 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authoriz...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-47385	NocoDB: Path Traversal via SQLite Source Filename_CVE-2026-47385 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLit...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-47384	NocoDB: SQL Injection via Column Title in Bulk GroupBy_CVE-2026-47384 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL i...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
HIGH 7.4	CVE-2026-47383	NocoDB: Stored Cross-Site Scripting via Row Comments_CVE-2026-47383 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that exe...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47381	NocoDB: Cross-Workspace Integration Use in Connection Test_CVE-2026-47381 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integrati...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47379	NocoDB: Plaintext Password Comparison in Shared Views_CVE-2026-47379 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) co...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
HIGH 7.1	CVE-2026-23513	FOSSBilling: Broken Authorization in Client Transaction and Order Listings_CVE-2026-23513 FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endp...	FOSSBilling	FOSSBilling < 0.8.0	Jun 23, 2026	CVE
MEDIUM 4.4	CVE-2026-12892	Gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in h.264 nal extension slice parser_CVE-2026-12892 A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC exten...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

NocoDB: Missing Ownership Check in MCP Attachment Read_CVE-2026-47388

Recent Advisories

NocoDB: Stored Cross-Site Scripting via Form View Redirect URL_CVE-2026-47387

NocoDB: OAuth Authorization Code Race Condition_CVE-2026-47386

NocoDB: Path Traversal via SQLite Source Filename_CVE-2026-47385

NocoDB: SQL Injection via Column Title in Bulk GroupBy_CVE-2026-47384

NocoDB: Stored Cross-Site Scripting via Row Comments_CVE-2026-47383

NocoDB: Cross-Workspace Integration Use in Connection Test_CVE-2026-47381

NocoDB: Plaintext Password Comparison in Shared Views_CVE-2026-47379

FOSSBilling: Broken Authorization in Client Transaction and Order Listings_CVE-2026-23513

Gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in h.264 nal extension slice parser_CVE-2026-12892

Protect Your Attack Surface with RedGem

Security Intelligence
Feed