
448 matches found

NVD
added 2026/04/03 4:16 p.m. | 2 views

CVE-2026-31818

Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the BLACKLISTIPS environment...

9.9 CVSS | 0.00014 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2026/04/03 3:41 p.m. | 3 views

CVE-2026-31818 Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist

Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the BLACKLISTIPS environment...

9.6 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits: 1 | References: 4
ATTACKERKB
added 2026/04/03 3:41 p.m. | 2 views

CVE-2026-31818

Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the BLACKLISTIPS environment...

9.6 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/04/03 12:0 a.m. | 2 views

PT-2026-30188

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.33.4. Description: Budibase, an open-source low-code platform, contains a server-side request forgery (SSRF) vulnerability in its REST datasource connector. The platform's SSRF protection is ineffective because the...

9.6 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits: 1 | References: 11
Grafana
added 2026/03/30 12:0 a.m. | 4 views

Grafana Testdata datasource can issue unbounded memory allocations

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits: 0
Cvelist
added 2026/03/27 2:26 p.m. | 19 views

CVE-2026-28375 Grafana Testdata datasource can issue unbounded memory allocations

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5 CVSS | 0.00029 EPSS
Exploits: 0 | References: 1
FreeBSD
added 2026/03/27 12:0 a.m. | 8 views

Grafana -- Grafana Testdata datasource can issue unbounded memory allocations

https://grafana.com/security/security-advisories/cve-2026-28375 reports: A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:2 p.m. | 0 views

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...

8.8 CVSS | 6.2 AI score | 0.00241 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/03/20 4:8 a.m. | 2 views

EUVD-2026-13541

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

8.7 CVSS | 5.9 AI score | 0.0006 EPSS
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/20 4:8 a.m. | 3 views

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

8.7 CVSS | 5.9 AI score | 0.0006 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CNNVD
added 2026/03/20 12:0 a.m. | 2 views

SQLBot Code Issue Vulnerability

SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot prior to 1.7.0 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the /api/v1/datasource/check endpoint, which could lead...

8.7 CVSS | 6 AI score | 0.0006 EPSS
Exploits: 1 | References: 3
Github Security Blog
added 2026/03/18 8:22 p.m. | 3 views

Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview

Summary: The REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An authenticated admin can reach internal services that are not exposed to the internet — including cloud metadata...

8.7 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/03/18 8:22 p.m. | 1 views

GHSA-4647-WPJQ-HH7F Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview

Summary: The REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An authenticated admin can reach internal services that are not exposed to the internet — including cloud metadata...

8.7 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits: 1 | References: 3
Snyk
added 2026/03/18 8:22 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: @budibase/server is a Budibase Web Server. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the preview in the REST datasource query endpoint, which allows user-supplied URLs in the fields.path parameter to be requested by the server without...

9.3 CVSS | 6 AI score | 0.00019 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/18 12:0 a.m. | 3 views

PT-2026-26216

Name of the Vulnerable Software and Affected Versions: Budibase versions 3.30.6 and prior. Description: Budibase is a low code platform that allows the creation of internal tools, workflows, and admin panels. A flaw exists in the REST datasource query preview endpoint POST /api/queries/preview where...

8.7 CVSS | 6 AI score | 0.00019 EPSS
Exploits: 1 | References: 10
NVD
added 2026/03/12 6:16 p.m. | 0 views

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3 CVSS | 0.00073 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/03/12 5:53 p.m. | 2 views

EUVD-2026-11647

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3 CVSS | 5.8 AI score | 0.00073 EPSS
Exploits: 1 | References: 1
GithubExploit
added 2026/03/12 12:44 p.m. | 118 views

Exploit for CVE-2026-31816

CVE-2026-31816 Reverse Shell Exploit. Overview: This tool e...

9.1 CVSS | 6 AI score | 0.16947 EPSS
Exploits: 2
CNNVD
added 2026/03/12 12:0 a.m. | 3 views

DataEase SQL Injection Vulnerability

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.20 contained a SQL injection...

9.3 CVSS | 5.9 AI score | 0.00073 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2026/03/03 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-21725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires...

2.6 CVSS | 6 AI score | 0.00014 EPSS
Exploits: 0 | References: 3