MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-47375	NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`_CVE-2026-47375 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, an authenticated user with columnAdd permission on a Postgres-backed...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47279	NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints_CVE-2026-47279 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 5.8	CVE-2026-46552	NocoDB: Shared-base link access can invite arbitrary users as persistent base members_CVE-2026-46552 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities ...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-46551	NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion_CVE-2026-46551 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NC...	nocodb	nocodb < 2026.04.4	Jun 23, 2026	CVE
MEDIUM 5.4	CVE-2026-46550	NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags_CVE-2026-46550 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the refresh-token cookie was set with httpOnly: true but missing bot...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-46548	NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)_CVE-2026-46548 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in th...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 6.1	CVE-2026-46547	NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL_CVE-2026-46547 NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning pag...	nocodb	nocodb < 2026.04.1	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54518	jackson-databind: @JsonView bypass for unwrapped creator parameters in jackson-databind_CVE-2026-54518 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....	FasterXML	jackson-databind >= 2.21.0, < 2.21.4	Jun 23, 2026	CVE
MEDIUM 5.5	CVE-2026-48493	Snipe-IT Vulnerable to Privilege Escalation for self via API Permissions Assignment_CVE-2026-48493 Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their...	grokability	snipe-it < 8.6.0	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47693	Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications_CVE-2026-47693 Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula I...	poweradmin	poweradmin < 4.2.4	Jun 23, 2026	CVE