Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-53928

NocoDB: Refresh Tokens Persist Through Password Recovery

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be ...

nocodb nocodb < 2026.05.1 CVE
MEDIUM 5.1 CVE-2026-53927

NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint (axiosRequestMake) accepted URLs whos...

nocodb nocodb < 2026.05.1 CVE
MEDIUM 6.3 CVE-2026-53926

NocoDB: OAuth Tokens Persist Through Security Events

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensByUser in the users service is an empty stub bei...

nocodb nocodb < 2026.05.1 CVE
LOW 2.3 CVE-2026-47388

NocoDB: Missing Ownership Check in MCP Attachment Read

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment pat...

nocodb nocodb < 2026.05.1 CVE
HIGH 8.4 CVE-2026-47387

NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler (packages/nc-gui/composables/use...

nocodb nocodb < 2026.05.1 CVE
MEDIUM 6.3 CVE-2026-47386

NocoDB: OAuth Authorization Code Race Condition

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authoriz...

nocodb nocodb < 2026.05.1 CVE
MEDIUM 5.3 CVE-2026-47385

NocoDB: Path Traversal via SQLite Source Filename

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLit...

nocodb nocodb < 2026.05.1 CVE
MEDIUM 5.3 CVE-2026-47384

NocoDB: SQL Injection via Column Title in Bulk GroupBy

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL i...

nocodb nocodb < 2026.05.1 CVE
HIGH 7.4 CVE-2026-47383

NocoDB: Stored Cross-Site Scripting via Row Comments

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that exe...

nocodb nocodb < 2026.05.1 CVE
MEDIUM 6.9 CVE-2026-47381

NocoDB: Cross-Workspace Integration Use in Connection Test

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integrati...

nocodb nocodb < 2026.05.1 CVE