CVE-2026-45719 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

CVE-2026-45719

Budibase is vulnerable to CouchDB reduce injection via the V1 Views API (POST /api/views) where the calculation parameter is interpolated into a CouchDB reduce function without validation. A Builder-permission user can inject arbitrary JavaScript into the reduce function, which CouchDB executes w...

EUVD-2026-32599

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

CVE-2026-45719 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

CVE-2026-46424 Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

CVE-2026-46424

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

CVE-2026-46427

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

CVE-2026-46427

Budibase prior to 3.38.3 exposes Snowflake private keys via the datasource API. The removeSecrets filter masks only datasource config fields with schema type DatasourceFieldType.PASSWORD; Snowflake integration marks privateKey as SENSITIVE_LONGFORM, which is not filtered, allowing a BASIC-authent...

CVE-2026-48150 Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

CVE-2026-48150

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

CVE-2026-48150 Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

Exploit for CVE-2026-27771

CVE-2026-27771 — Gitea Container Registry Auth Bypass CVSS:...

CVE-2026-44326 free5GC: NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptio...

CVE-2026-44326

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptio...

CVE-2026-44326

CVE-2026-44326 affects free5gc NEF 3gpp-traffic-influence API. Prior to version 4.2.2, the NEF mounts the 3gpp-traffic-influence endpoint without inbound OAuth2/bearer-token authorization. An unauthenticated or forged-token request reachable on the SBI can create, read, patch, and delete traffic-...

CVE-2026-9712 Insecure direct object reference

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

CVE-2026-9712 Insecure direct object reference

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

CVE-2026-47119

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the imageget API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Dispositio...

CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...