
6680 matches found

OSV
added 2026/03/02 7:36 p.m. | 2 views

GHSA-VX5P-Q85X-XM3C NocoDB has Stored Cross-site Scripting via Formula Cell

Summary A stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. Details The replaceUrlsWithLink function in urlUtils.ts converts URI::url patterns to tags but passes a...

CVSS 5.3 | AI score 6.2 | EPSS 0.00143
Exploits 0 | References 4
Github Security Blog
added 2026/03/02 7:36 p.m. | 7 views

NocoDB has Stored Cross-site Scripting via Formula Cell

Summary A stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. Details The replaceUrlsWithLink function in urlUtils.ts converts URI::url patterns to tags but passes a...

CVSS 5.4 | AI score 6.2 | EPSS 0.00143
Exploits 0 | References 4 | Affected Software 1
Snyk
added 2026/03/02 6:36 p.m. | 3 views

Cross-site Scripting (XSS)

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Cross-site Scripting XSS via the v-html due to the lack of sanitization. An attacker with Editor role can execute arbitrary scripts in the context of a user's browser by storing malicious content in rich text cells...

CVSS 5.4 | AI score 5.9 | EPSS 0.00179
Exploits 0 | References 2
NVD
added 2026/03/02 5:16 p.m. | 5 views

CVE-2026-28401

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3...

CVSS 5.4 | EPSS 0.00179
Exploits 0 | References 2
NVD
added 2026/03/02 5:16 p.m. | 6 views

CVE-2026-28397

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3...

CVSS 5.4 | EPSS 0.00179
Exploits 0 | References 2
NVD
added 2026/03/02 5:16 p.m. | 4 views

CVE-2026-28357

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...

CVSS 5.4 | EPSS 0.00143
Exploits 0 | References 2
Cvelist
added 2026/03/02 4:20 p.m. | 30 views

CVE-2026-28401 NocoDB: Stored Cross-Site Scripting via Rich Text Cells

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3...

CVSS 5.3 | EPSS 0.00179
Exploits 0 | References 2
EUVD
added 2026/03/02 4:19 p.m. | 4 views

EUVD-2026-9212

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3...

CVSS 5.3 | AI score 5.8 | EPSS 0.00179
Exploits 0 | References 2
CVE
added 2026/03/02 4:19 p.m. | 9 views

CVE-2026-28397

CVE-2026-28397: NocoDB prior to 0.301.3 renders comments with v-html without sanitization, enabling stored XSS. Affected: NocoDB (comments feature) where an attacker could inject HTML/JS via comments. CVSS indicates NETWORK access, LOW attack complexity, NO privileges required, and PASSIVE user ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00179
Exploits 0 | References 2 | Affected Software 1
CVE
added 2026/03/02 4:16 p.m. | 14 views

CVE-2026-28357

CVE-2026-28357 affects NocoDB prior to version 0.301.3, where the Formula virtual cell can store and render URI::() patterns via v-html without sanitization, enabling stored cross-site scripting. The issue is caused by unsanitized rendering of formula results and has been fixed in 0.301.3. No exp...

CVSS 5.4 | AI score 5.8 | EPSS 0.00143
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/03/02 4:16 p.m. | 4 views

CVE-2026-28357 NocoDB: Stored Cross-Site Scripting via Formula Cell

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...

CVSS 5.3 | AI score 5.8 | EPSS 0.00143
Exploits 0 | References 2
EUVD
added 2026/03/02 4:16 p.m. | 5 views

EUVD-2026-9199

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI:: patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patche...

CVSS 5.3 | AI score 5.8 | EPSS 0.00143
Exploits 0 | References 2
CNNVD
added 2026/03/02 12:00 a.m. | 5 views

NocoDB Cross-Site Scripting Vulnerability

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a cross-site scripting vulnerability. This vulnerability occurred due to the lack of cleanup during...

CVSS 5.4 | AI score 5.7 | EPSS 0.00143
Exploits 0 | References 2
Positive Technologies
added 2026/03/02 12:00 a.m. | 5 views

PT-2026-22637

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.301.3 Description NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization allows for stored cross-site scripting XSS. The...

CVSS 5.4 | AI score 5.8 | EPSS 0.00179
Exploits 0 | References 11
CNNVD
added 2026/03/02 12:00 a.m. | 6 views

NocoDB Cross-Site Scripting Vulnerability

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a cross-site scripting vulnerability; this vulnerability stemmed from insufficient cleanup during...

CVSS 5.4 | AI score 5.7 | EPSS 0.00179
Exploits 0 | References 2
OSV
added 2026/02/28 2:49 a.m. | 9 views

GHSA-8RR6-2QW5-PC7R PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages

Summary PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains executable JavaScript that runs when opened in a browser. While the defau...

CVSS 6.8 | AI score 5.9 | EPSS 0.00297
Exploits 1 | References 5
EUVD
added 2026/02/27 10:08 p.m. | 4 views

EUVD-2026-9090

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue...

CVSS 2.2 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 3
CVE
added 2026/02/27 10:08 p.m. | 243 views

CVE-2026-28422

Vim prior to 9.2.0078 has a stack-buffer-overflow in build_stl_str_hl() triggered when rendering a statusline with a multi-byte fill character on very wide terminals. The issue is fixed in version 9.2.0078. The CVSS data indicates low impact (I/L) with local attack requirements and user interact...

CVSS 2.2 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/02/27 10:08 p.m. | 5 views

CVE-2026-28422 Vim has stack-buffer-overflow in build_stl_str_hl()

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue...

CVSS 2.2 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 6
RedhatCVE
added 2026/02/26 10:35 p.m. | 4 views

CVE-2026-27738

Angular SSR is a server-side rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

CVSS 6.9 | AI score 5.6 | EPSS 0.00302
Exploits 0 | References 1