Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-47379 — NocoDB: Plaintext Password Comparison in Shared Views

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the…

| Information Disclosure
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-47381 — NocoDB: Cross-Workspace Integration Use in Connection Test

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying …

| Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-47383 — NocoDB: Stored Cross-Site Scripting via Row Comments

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the co…

| Cross-Site Scripting
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-47384 — NocoDB: SQL Injection via Column Title in Bulk GroupBy

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's …

| Injection
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-47385 — NocoDB: Path Traversal via SQLite Source Filename

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB…

| Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-47386 — NocoDB: OAuth Authorization Code Race Condition

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid (access_…

| Authentication
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-23513 — FOSSBilling: Broken Authorization in Client Transaction and Order Listings

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant…

| Injection
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-47387 — NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler (packages/nc-gui/composables/useSharedFormViewStore.ts) in NocoDB writes the form's …

| Cross-Site Scripting
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-47388 — NocoDB: Missing Ownership Check in MCP Attachment Read

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including a…

| Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-53926 — NocoDB: OAuth Tokens Persist Through Security Events

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensByUser in the users service is an empty stub being called from passwordChange, passwordForgot, and p…

| Authentication
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-53927 — NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint (axiosRequestMake) accepted URLs whose path contained a permitted extension anywhere in t…

| Server-Side Request Forgery
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-53928 — NocoDB: Refresh Tokens Persist Through Password Recovery

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset th…

| Authentication
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
4.4 MEDIUM
CVE-2026-12892 — Gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in h.264 n…

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds re…

enterprise_linux enterprise_linux | Memory Corruption
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
4.3 MEDIUM
CVE-2026-12891 — Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.26…

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds r…

enterprise_linux enterprise_linux | Remote | Memory Corruption
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.5 MEDIUM
CVE-2026-11820 — Community.general: community.general nexmo — api credentials exposed in get url query str…

Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: api_key and api_secret are declared no_log=True at the input level, but both credentials are imme…

enterprise_linux enterprise_linux | Remote | Information Disclosure
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
5.5 MEDIUM
CVE-2026-11819 — Community.general: community.general keyring_info — os keyring passphrase returned in pla…

Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keycha…

enterprise_linux enterprise_linux | Information Disclosure
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.2 MEDIUM
CVE-2026-9073 — Foreman-mcp-server: mcp server: insecure sensitive http header sanitization

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, whic…

satellite satellite | Information Disclosure
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2025-64105 — FOSSBilling: IDOR Vulnerability in Support Ticket Creation

FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through…

| Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-53929 — NocoDB: Stored Cross-Site Scripting via Secure Attachment

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NC_SECURE_ATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rend…

| Misconfiguration
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
0.0 NA
CVE-2026-53930 — NocoDB: Server-Side Request Forgery via Base Migration URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing prot…

| Server-Side Request Forgery
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Showing 20 of 7710 Results