Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-47380

NocoDB: User Enumeration via Sign-In Timing

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email add...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6.9 CVE-2026-47378

NocoDB: Hidden Column Exposure in Public Shared View Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, public shared-view endpoints exposed values from columns that the vi...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 5.1 CVE-2026-47377

NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace()...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 5.1 CVE-2026-47376

NocoDB: Reflected Cross-Site Scripting via Password Reset Token

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset page rendered the URL token directly into a JavaS...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6 CVE-2026-47375

NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6.9 CVE-2026-47279

NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied...

nocodb nocodb < 2026.05.1 CVE
LOW 2.3 CVE-2026-46554

NocoDB: Stale Auth Cache After API Token Deletion

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their ca...

nocodb nocodb < 2026.04.4 CVE
LOW 2.1 CVE-2026-46553

NocoDB: Attachment Size Limit Bypass via Upload-by-URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE agai...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 5.8 CVE-2026-46552

NocoDB: Shared-base link access can invite arbitrary users as persistent base members

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities ...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6.5 CVE-2026-46551

NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC...

nocodb nocodb < 2026.04.4 CVE