CVE-2026-28359 - NocoDB: Stored Cross-Site Scripting via Rich Text Field
CVE ID : CVE-2026-28359
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28359
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28360 - NocoDB: Plaintext Storage of Shared View Passwords
CVE ID : CVE-2026-28360
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28360
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28361 - NocoDB: Missing Ownership Validation in MCP Token Operations
CVE ID : CVE-2026-28361
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in version 0.301.3.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28361
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in version 0.301.3.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28396 - NocoDB: Refresh Tokens Not Revoked on Password Reset
CVE ID : CVE-2026-28396
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has been patched in version 0.301.3.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28396
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has been patched in version 0.301.3.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28397 - NocoDB: Stored Cross-Site Scripting via Comments
CVE ID : CVE-2026-28397
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28397
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28398 - NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells
CVE ID : CVE-2026-28398
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28398
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28399 - NocoDB: SQL Injection via DATEADD Formula
CVE ID : CVE-2026-28399
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28399
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28401 - NocoDB: Stored Cross-Site Scripting via Rich Text Cells
CVE ID : CVE-2026-28401
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28401
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0025 - Apache Notification Java Information Disclosure
CVE ID : CVE-2026-0025
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0025
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0026 - Apache PermissionManager Local Privilege Escalation
CVE ID : CVE-2026-0026
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0026
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0027 - ARM SMMU Out-of-Bounds Write Vulnerability
CVE ID : CVE-2026-0027
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0027
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0028 - PKVM Host Guest Out-of-Bounds Write Vulnerability
CVE ID : CVE-2026-0028
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0028
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0029 - Apache Pkvm Local Privilege Escalation Vulnerability
CVE ID : CVE-2026-0029
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0029
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0030 - Apache Host Check Page State Range Out-of-Bounds Write Vulnerability
CVE ID : CVE-2026-0030
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0030
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0031 - Apache MemProtect Integer Overflow Write Vulnerability
CVE ID : CVE-2026-0031
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0031
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0032 - Apache Memprotect Out-of-Bounds Write Vulnerability
CVE ID : CVE-2026-0032
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0032
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0034 - Apache ManagedServices Local Privilege Escalation
CVE ID : CVE-2026-0034
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0034
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0035 - Apache MediaProvider Local Privilege Escalation
CVE ID : CVE-2026-0035
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0035
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0037 - FFA Memory Corruption Privilege Escalation Vulnerability
CVE ID : CVE-2026-0037
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0037
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0038 - Apache MemProtect Local Privilege Escalation Vulnerability
CVE ID : CVE-2026-0038
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0038
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0047 - Android ActivityManagerService dumpBitmapsProto Local Privilege Escalation
CVE ID : CVE-2026-0047
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0047
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...