VulnScope — package-centric CVE lookup- MEDIUM5.3CVE-2026-47720FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString
- HIGH8.2CVE-2026-47719FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading
- —actual Allows Electron to Run As Node
- —Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews.
- HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
- HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments
- HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
- HIGH8.7TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs
- —NocoDB: OAuth Tokens Persist Through Security Events
- HIGH8.8DbGate: Remote Code Execution via functionName injection in loadReader endpoint
- HIGH7.7Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
- —Authenticated Remote Code Execution via loadReader functionName code injection in DbGate
- —DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE
- CRITICAL10.0DbGate: Unauthenticated Remote Code Execution via JSON Script Runner
- —NocoDB: Missing Ownership Check in MCP Attachment Read
- —NocoDB: Stored Cross-Site Scripting via Form View Redirect URL
- —NocoDB: OAuth Authorization Code Race Condition
- —NocoDB: Path Traversal via SQLite Source Filename
- —NocoDB: SQL Injection via Column Title in Bulk GroupBy
- —NocoDB: Stored Cross-Site Scripting via Row Comments
- —NocoDB: Server-Side Request Forgery via Database Connection Host
- —NocoDB: Cross-Workspace Integration Use in Connection Test
- —NocoDB: User Enumeration via Sign-In Timing
- —NocoDB: Plaintext Password Comparison in Shared Views
- —NocoDB: Hidden Column Exposure in Public Shared View Endpoints
← PrevPage 2 of 200Next →