| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-28401 | NocoDB: Stored Cross-Site Scripting via Rich Text Cells | nocodb | nocodb | - | - | 2026-03-02 16:20:01 | Deep Dive |
| CVE-2026-28399 | NocoDB: SQL Injection via DATEADD Formula | nocodb | nocodb | - | - | 2026-03-02 16:19:42 | Deep Dive |
| CVE-2026-28398 | NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells | nocodb | nocodb | - | - | 2026-03-02 16:19:23 | Deep Dive |
| CVE-2026-28397 | NocoDB: Stored Cross-Site Scripting via Comments | nocodb | nocodb | - | - | 2026-03-02 16:19:07 | Deep Dive |
| CVE-2026-28396 | NocoDB: Refresh Tokens Not Revoked on Password Reset | nocodb | nocodb | - | - | 2026-03-02 16:18:47 | Deep Dive |
| CVE-2026-28361 | NocoDB: Missing Ownership Validation in MCP Token Operations | nocodb | nocodb | - | - | 2026-03-02 16:17:51 | Deep Dive |
| CVE-2026-28360 | NocoDB: Plaintext Storage of Shared View Passwords | nocodb | nocodb | - | - | 2026-03-02 16:17:37 | Deep Dive |
| CVE-2026-28359 | NocoDB: Stored Cross-Site Scripting via Rich Text Field | nocodb | nocodb | - | - | 2026-03-02 16:17:16 | Deep Dive |
| CVE-2026-28358 | NocoDB: User Enumeration via Password Reset Endpoint | nocodb | nocodb | - | - | 2026-03-02 16:16:56 | Deep Dive |
| CVE-2026-28357 | NocoDB: Stored Cross-Site Scripting via Formula Cell | nocodb | nocodb | - | - | 2026-03-02 16:16:06 | Deep Dive |
| CVE-2026-24769 | NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload | nocodb | nocodb | - | - | 2026-01-28 20:36:24 | Deep Dive |
| CVE-2026-24768 | NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter | nocodb | nocodb | - | - | 2026-01-28 20:32:04 | Deep Dive |
| CVE-2026-24767 | NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality | nocodb | nocodb | Medium | 4.9 | 2026-01-28 20:29:30 | Deep Dive |
| CVE-2026-24766 | NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS | nocodb | nocodb | Medium | 4.9 | 2026-01-28 20:27:43 | Deep Dive |
| CVE-2025-27506 | NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page | nocodb | nocodb | Medium | 5.4 | 2025-03-06 18:52:10 | Deep Dive |
| CVE-2023-49781 | NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue | nocodb | nocodb | High | 7.3 | 2024-05-13 18:54:54 | Deep Dive |
| CVE-2023-50718 | NocoDB SQL Injection vulnerability | nocodb | nocodb | Medium | 6.5 | 2024-05-13 16:08:09 | Deep Dive |
| CVE-2023-50717 | NocoDB Allows Preview of File with Dangerous Content | nocodb | nocodb | Medium | 5.7 | 2024-05-13 16:05:48 | Deep Dive |
| CVE-2023-43794 | SQL Injection in nocodb | nocodb | nocodb | Medium | 6.5 | 2023-10-17 20:02:29 | Deep Dive |
| CVE-2023-5104 | Improper Input Validation in nocodb/nocodb | nocodb | nocodb/nocodb | Medium | - | 2023-09-21 08:44:17 | Deep Dive |