Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

284 New today
64,932 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
Jun 24
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.1 CVE-2026-47377

NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin_CVE-2026-47377

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace()...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 5.1 CVE-2026-47376

NocoDB: Reflected Cross-Site Scripting via Password Reset Token_CVE-2026-47376

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the password-reset page rendered the URL token directly into a JavaS...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6 CVE-2026-47375

NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`_CVE-2026-47375

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6.9 CVE-2026-47279

NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints_CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied...

nocodb nocodb < 2026.05.1 CVE
LOW 2.3 CVE-2026-46554

NocoDB: Stale Auth Cache After API Token Deletion_CVE-2026-46554

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their ca...

nocodb nocodb < 2026.04.4 CVE
LOW 2.1 CVE-2026-46553

NocoDB: Attachment Size Limit Bypass via Upload-by-URL_CVE-2026-46553

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE agai...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 5.8 CVE-2026-46552

NocoDB: Shared-base link access can invite arbitrary users as persistent base members_CVE-2026-46552

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities ...

nocodb nocodb < 2026.04.1 CVE
MEDIUM 6.5 CVE-2026-46551

NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion_CVE-2026-46551

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC...

nocodb nocodb < 2026.04.4 CVE
MEDIUM 5.4 CVE-2026-46550

NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags_CVE-2026-46550

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing bot...

nocodb nocodb < 2026.04.1 CVE