3491 matches found
CVE-2026-3494
CVE-2026-3494 affects MariaDB Server (audit plugin) up to version 11.8.5. When the audit plugin is enabled and server_audit_events is filtered to QUERY_DCL/QUERY_DDL/QUERY_DML, an authenticated user issuing a SQL statement starting with -- or # may bypass logging, leading to incomplete audit reco...
CVE-2026-3494
In MariaDB server versions through 11.8.5, when the server audit plugin is enabled with the server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) style comments, the statement is...
CVE-2026-3494
Disclaimer: This data contains information about vulnerable...
EUVD-2026-9311
In MariaDB server versions through 11.8.5, when the server audit plugin is enabled with the server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) style comments, the statement is...
Cross-site Scripting (XSS)
Overview: nocodb is a NocoDB. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the CommentsService component, which lacks sanitization for stored HTML. An attacker can execute arbitrary scripts in the context of users viewing affected rich text fields by injecting...
CVE-2026-28397
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3...
CVE-2026-28398
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3...
CVE-2026-28398 NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3...
CVE-2026-28398
NocoDB vulnerability CVE-2026-28398 is a stored XSS in user-controlled content (comments and rich text) rendered via v-html before version 0.301.3. The issue allows basic exploitation without user interaction. According to the data, the affected component is the rendering path using v-html...
EUVD-2026-9213
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3...
CVE-2026-28397 NocoDB: Stored Cross-Site Scripting via Comments
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3...
CVE-2026-28397
CVE-2026-28397: NocoDB prior to 0.301.3 renders comments with v-html without sanitization, enabling stored XSS. Affected: NocoDB (comments feature) where an attacker could inject HTML/JS via comments. CVSS indicates NETWORK access, LOW attack complexity, NO privileges required, and PASSIVE user ...
EUVD-2026-9212
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3...
Important: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...