CVE-2026-28396 NocoDB: Refresh Tokens Not Revoked on Password Reset

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has be...

CVE-2023-28396

Improper access control in firmware for some IntelR ThunderbolTM Controllers versions before 41 may allow a privileged user to enable denial of service via local access...

CVE-2024-28396

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...

CVE-2024-28396

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...

CVE-2024-28396

CVE-2024-28396 affects MyPrestaModules ordersexport, version 6.0.2 and earlier. The vulnerability resides in the download.php component and allows a remote attacker to execute arbitrary code. Public sources consistently describe a need to update to a version that contains a fix; no exploit specif...

CVE-2024-28396

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...

CVE-2023-28396

creationtimestamp| type| source ---|---|--- 2024-03-06 11:11:58+00:00| seen| https://t.me/ctinow/201203...

CVE-2023-28396

Improper access control in firmware for some IntelR ThunderbolTM Controllers versions before 41 may allow a privileged user to enable denial of service via local access...

CVE-2023-28396

CVE-2023-28396 concerns Intel Thunderbolt Controllers. The issue is due to improper access control in the firmware of some Intel Thunderbolt Controllers, allowing a privileged user local access denial of service. Affected are Thunderbolt firmware versions prior to 41. Remediation is to update to ...

Intel® Thunderbolt™ Controller Advisory

Summary: A potential security vulnerability in some Intel® Thunderbolt™ Controllers may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28396 Description: Improper access control in firmware for some...

CVE-2022-28396

creationtimestamp| type| source ---|---|--- 2022-04-12 20:23:15+00:00| seen| https://t.me/cibsecurity/40654...

CVE-2022-28396

...

CVE-2022-28396

This CVE entry is rejected/not used and does not represent an active vulnerability.

CVE-2020-28396

creationtimestamp| type| source ---|---|--- 2020-12-15 00:39:33+00:00| seen| https://t.me/cibsecurity/20785...

CVE-2020-28396

A vulnerability has been identified in SICAM A8000 CP-8000 All versions V16, SICAM A8000 CP-8021 All versions V16, SICAM A8000 CP-8022 All versions V16. A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position...