
7 matches found

Github Security Blog
added 2026/03/02 7:53 p.m., 3 views

NocoDB Missing Ownership Validation in MCP Token Operations

Summary: The MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. Details: McpTokenService.get, regenerateToken, and delete did not filter by fkuserid. The analogous...

CVSS 7.1 | AI score 5.9 | EPSS 0.00053
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/03/02 4:17 p.m., 3 views

CVE-2026-28361

CVE-2026-28361 affects NocoDB prior to version 0.301.3, where the MCP token service did not validate token ownership. This allowed a Creator within the same base to read, regenerate, or delete another user’s MCP tokens if the token ID was known. The issue is fixed in 0.301.3. Remediation: upgrade...

CVSS 7.1 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/02 4:17 p.m., 16 views

CVE-2026-28361 NocoDB: Missing Ownership Validation in MCP Token Operations

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in...

CVSS 7.1 | EPSS 0.00053
Exploits: 0 | References: 2
OSV
added 2026/03/02 4:17 p.m., 1 views

CVE-2026-28361 NocoDB: Missing Ownership Validation in MCP Token Operations

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in...

CVSS 7.1 | AI score 5.8 | EPSS 0.00053
Exploits: 0 | References: 4
Positive Technologies
added 2025/09/10 12:0 a.m., 4 views

PT-2025-37106

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.11 through 18.3.2. Description: An issue has been discovered in GitLab CE/EE that allows authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. The vulnerabili...

CVSS 8.8 | AI score 6.3 | EPSS 0.0003
Exploits: 0 | References: 17
OpenVAS
added 2020/01/09 12:0 a.m., 18 views

openSUSE: Security Advisory for osc (openSUSE-SU-2019:1844-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.7 | AI score 7.8 | EPSS 0.0018
Exploits: 1 | References: 2
OPENSUSE Linux
added 2019/08/12 12:0 a.m., 74 views

Security update for osc (important)

openSUSE Security Update: Security update for osc Announcement ID: openSUSE-SU-2019:1844-1 Rating: important References: 1129889 1138977 1140697 1142518 1142662 1144211 Cross-References: CVE-2019-3685 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has 5 fixes is...

CVSS 7.7 | AI score 7.4 | EPSS 0.0018
Exploits: 1 | References: 6