CVE-2026-28401 - NocoDB: Stored Cross-Site Scripting via Rich Text Cells
CVE ID : CVE-2026-28401
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-28401
Published : March 2, 2026, 5:16 p.m. | 17 minutes ago
Description : NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0025 - Apache Notification Java Information Disclosure
CVE ID : CVE-2026-0025
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0025
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0026 - Apache PermissionManager Local Privilege Escalation
CVE ID : CVE-2026-0026
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0026
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0027 - ARM SMMU Out-of-Bounds Write Vulnerability
CVE ID : CVE-2026-0027
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0027
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0028 - PKVM Host Guest Out-of-Bounds Write Vulnerability
CVE ID : CVE-2026-0028
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0028
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0029 - Apache Pkvm Local Privilege Escalation Vulnerability
CVE ID : CVE-2026-0029
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0029
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0030 - Apache Host Check Page State Range Out-of-Bounds Write Vulnerability
CVE ID : CVE-2026-0030
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0030
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0031 - Apache MemProtect Integer Overflow Write Vulnerability
CVE ID : CVE-2026-0031
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0031
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0032 - Apache Memprotect Out-of-Bounds Write Vulnerability
CVE ID : CVE-2026-0032
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0032
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0034 - Apache ManagedServices Local Privilege Escalation
CVE ID : CVE-2026-0034
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0034
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0035 - Apache MediaProvider Local Privilege Escalation
CVE ID : CVE-2026-0035
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0035
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0037 - FFA Memory Corruption Privilege Escalation Vulnerability
CVE ID : CVE-2026-0037
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0037
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0038 - Apache MemProtect Local Privilege Escalation Vulnerability
CVE ID : CVE-2026-0038
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0038
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0047 - Android ActivityManagerService dumpBitmapsProto Local Privilege Escalation
CVE ID : CVE-2026-0047
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0047
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21853 - AFFiNE: One-click Remote Code Execution through Custom URL Handling
CVE ID : CVE-2026-21853
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim’s machine, without further interaction. This issue has been patched in version 0.25.4.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21853
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim’s machine, without further interaction. This issue has been patched in version 0.25.4.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26709 - Code-Projects Simple Gym Management System SQL Injection
CVE ID : CVE-2026-26709
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26709
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26710 - Code-Projects Simple Food Order System SQL Injection
CVE ID : CVE-2026-26710
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26710
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26711 - Code-Projects Simple Food Order System SQL Injection Vulnerability
CVE ID : CVE-2026-26711
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26711
Published : March 2, 2026, 7:16 p.m. | 2 hours, 5 minutes ago
Description : code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2256 - Command injection vulnerability in ModelScope's ms-agent
CVE ID : CVE-2026-2256
Published : March 2, 2026, 8:09 p.m. | 1 hour, 12 minutes ago
Description : A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2256
Published : March 2, 2026, 8:09 p.m. | 1 hour, 12 minutes ago
Description : A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21882 - theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution
CVE ID : CVE-2026-21882
Published : March 2, 2026, 8:16 p.m. | 1 hour, 5 minutes ago
Description : theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21882
Published : March 2, 2026, 8:16 p.m. | 1 hour, 5 minutes ago
Description : theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25477 - AFFiNE: Open Redirect via Regex Bypass in redirect-proxy
CVE ID : CVE-2026-25477
Published : March 2, 2026, 8:16 p.m. | 1 hour, 5 minutes ago
Description : AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25477
Published : March 2, 2026, 8:16 p.m. | 1 hour, 5 minutes ago
Description : AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...