NocoDB has Stored Cross-site Scripting via Formula Cell
Summary: A stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. Details: The replaceUrlsWithLink function in urlUtils.ts converts URI::url patterns to tags but passes a...
CVE-2026-28357
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...
CVE-2026-28357 NocoDB: Stored Cross-Site Scripting via Formula Cell
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...
CVE-2026-28357
CVE-2026-28357 affects NocoDB prior to version 0.301.3, where the Formula virtual cell can store and render URI::() patterns via v-html without sanitization, enabling stored cross-site scripting. The issue is caused by unsanitized rendering of formula results and has been fixed in 0.301.3. No exp...
PT-2026-22624
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.301.3. Description: A stored cross-site scripting (XSS) issue exists in the Formula virtual cell of NocoDB, a software used for building databases as spreadsheets. Formula results containing URI:: patterns are rendered...
Say hello to Lord Exploit Kit
Just as we had wrapped up our summer review of exploit kits, a new player entered the scene. Lord EK, as it is calling itself, was caught by Virus Bulletin's Adrian Luca while replaying malvertising chains. In this blog post, we do a quick review of this exploit kit based on what we have collecte...
Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit
Exploit kit (EK) activity has been on the decline ever since Angler Exploit Kit was shut down in 2016. Fewer people using Internet Explorer and a drop in browser support for Adobe Flash – two primary targets of many exploit kits – have also contributed to this decline. Additionally, some popular...
Threat Round-up for June 16 - June 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 16 and June 23. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics,...
Veris: Complete Profile URL is not Random and not expiring
This issue refers to a token non-expiry issue and vulnerable URI patterns for the onboarding process. The onboarding process of Veris was revamped after a few such similar reports...