Roaming folder with Daedalus database

Is it possible for someone that only have the Daedalus or Nami files (database) from roaming folder at windows to create a new wallet on a different computer and access the Ada funds?

Your master private key is stored in those files, encrypted with the spending password.

If someone can crack or grab the spending password, they can get full access to your wallets with those files.

In other words anyone can access to the funds ONLY if they have BOTH the spending password and the Daedalus/Nami database? Having only the Daedalus/ Nami it won’t be enough to access funds?

Yes, they need the spending password to decrypt the stored private key.