🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-28396 | Medium | 6.5 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not rev… | — | Mar 2, 2026 |
| CVE-2026-2583 | Medium | 6.4 | The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in a… | — | Mar 2, 2026 |
| CVE-2025-15597 | Medium | 6.3 | A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps… | ⚡ Exploit ✅ Patch | Mar 2, 2026 |
| CVE-2026-28361 | Medium | 6.3 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not valid… | — | Mar 2, 2026 |
| CVE-2026-0005 | Medium | 6.2 | In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing lim… | — | Mar 2, 2026 |
| CVE-2026-0012 | Medium | 6.2 | In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in… | — | Mar 2, 2026 |
| CVE-2025-52475 | Medium | 6.1 | Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulne… | ✅ Patch | Mar 2, 2026 |
| CVE-2025-52476 | Medium | 6.1 | Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulne… | ✅ Patch | Mar 2, 2026 |
| CVE-2025-52563 | Medium | 6.1 | Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulne… | — | Mar 2, 2026 |
| CVE-2025-52564 | Medium | 6.1 | Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sani… | ✅ Patch | Mar 2, 2026 |
| CVE-2025-48642 | Medium | 5.5 | In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This coul… | — | Mar 2, 2026 |
| CVE-2025-48644 | Medium | 5.5 | In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lea… | — | Mar 2, 2026 |
| CVE-2026-28357 | Medium | 5.4 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists i… | — | Mar 2, 2026 |
| CVE-2026-28359 | Medium | 5.4 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor r… | — | Mar 2, 2026 |
| CVE-2026-28397 | Medium | 5.4 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html withou… | — | Mar 2, 2026 |
| CVE-2026-28398 | Medium | 5.4 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments… | — | Mar 2, 2026 |
| CVE-2026-28401 | Medium | 5.4 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via… | — | Mar 2, 2026 |
| CVE-2026-27631 | Medium | 5.3 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metada… | ✅ Patch | Mar 2, 2026 |
| CVE-2026-28358 | Medium | 5.3 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint return… | — | Mar 2, 2026 |
| CVE-2026-28360 | Medium | 5.3 | NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored i… | — | Mar 2, 2026 |