Lucene search
K

7 matches found

Snyk
Snyk
added 2026/06/12 6:23 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the buildMatcherRegex and matches functions. An attacker can perform unauthorized state-changing actions on behalf...

7.1CVSS5.8AI score0.00115EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/15 5:53 p.m.14 views

Server-side Request Forgery (SSRF)

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the req function. An attacker can access internal services and sensitive cloud metadata by leveraging HTTP...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/11 4:20 p.m.9 views

@budibase/cli (>=3.0.0 <=3.2.26), @budibase/pro (>=3.0.0 <=3.2.26) +2 more potentially affected by CVE-2026-45061 via @budibase/backend-core (>=3.0.0 <=3.2.7)

@budibase/backend-core NPM version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-45061 Source advisory: SNYK:JS-BUDIBASEBACKENDCORE-16759131...

7.7CVSS5.4AI score0.00263EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/24 4:18 p.m.9 views

@budibase/cli (>=0.0.1 <=3.2.26), @budibase/pro (>=0.0.1 <=3.2.26) +4 more potentially affected by CVE-2026-42239 via @budibase/backend-core (>=0.0.1 <=3.2.7)

@budibase/backend-core NPM version =0.0.1, =0.0.1, =0.0.1, =0.0.999-alpha.30, =0.0.1, =3.2.26 - @devlego/server =1.1.29-alpha.1 - @devlego/worker =1.1.29-alpha.1 Source cves: CVE-2026-42239 Source advisory: OSV:GHSA-4F9J-VR4P-642R...

8.1CVSS5.8AI score0.00283EPSS
Exploits1
Snyk
Snyk
added 2026/04/24 4:18 p.m.40 views

Sensitive Cookie Without "HttpOnly" Flag

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via the set function in the cookie handling process. An attacker can gain unauthorized access to user account...

8.4CVSS5.5AI score0.00283EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/04/24 4:18 p.m.10 views

@budibase/cli (>=3.0.0 <=3.2.26), @budibase/pro (>=3.0.0 <=3.2.26) +2 more potentially affected by CVE-2026-42239 via @budibase/backend-core (>=3.0.0 <=3.2.7)

@budibase/backend-core NPM version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-42239 Source advisory: SNYK:JS-BUDIBASEBACKENDCORE-16318349...

8.1CVSS5.8AI score0.00283EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/04 6:4 a.m.7 views

@budibase/backend-core (>=3.0.0 <=3.2.26), @budibase/bbui (>=3.0.0 <=3.2.26) +7 more potentially affected by CVE-2026-35214 via @budibase/types (>=3.0.0 <=3.2.7)

@budibase/types NPM version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-35214 Source advisory: SNYK:JS-BUDIBASETYPES-15917494...

8.7CVSS5.8AI score0.00554EPSS
Exploits1
Rows per page
Query Builder