Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-28361
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in version 0.301.3.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-03-02
CVE-2026-28396
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has been patched in version 0.301.3.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-02
CVE-2026-28397
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-02
CVE-2026-28398
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-02
CVE-2026-26700
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-02
CVE-2026-26708
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-02
CVE-2026-28357
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI::() patterns are rendered via v-html without sanitization, allowing injected HTML to execute. This issue has been patched in version 0.301.3.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-02
CVE-2026-28358
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-02
CVE-2026-21385
Known exploited
Memory corruption while using alignments for memory allocation.
CVSS Score
7.8
EPSS Score
0.007
Published
2026-03-02
CVE-2025-59600
Memory Corruption when adding user-supplied data without checking available buffer space.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved