9 matches found

NVD
added 2026/05/27 6:16 p.m. · 17 views

CVE-2026-45548

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

CVSS 7.7 · EPSS 0.00258
Exploits: 0 · References: 2

EUVD
added 2026/05/27 5:11 p.m. · 9 views

EUVD-2026-32604

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

CVSS 7.7 · AI score 5.8 · EPSS 0.00258
Exploits: 0 · References: 2

OSV
added 2026/05/20 1:3 a.m. · 7 views

MAL-2026-4543 Malicious code in customerdigital-ui-containers-lib (npm)

Source: amazon-inspector a314a5b253dcb30b2781bda216266b7ab1b49b62eec416bd9be07b48ab46a348. On npm install, postinstall.js collects git identity, OS user/uid, hostname, internal network interface addresses, Cloudflare Pages environment...

AI score 5.8
Exploits: 0 · References: 2

Vulnrichment
added 2026/04/15 6:22 p.m. · 3 views

CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration

Weblate is a web-based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

CVSS 5 · AI score 5.8 · EPSS 0.0024
Exploits: 0 · References: 2

Cvelist
added 2026/04/15 6:22 p.m. · 24 views

CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration

Weblate is a web-based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

CVSS 5 · EPSS 0.0024
Exploits: 0 · References: 2

RedhatCVE
added 2026/03/08 1:44 a.m. · 7 views

CVE-2026-30242

Plane is an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x...

CVSS 8.5 · AI score 5.8 · EPSS 0.00284
Exploits: 0 · References: 1

CNNVD
added 2026/02/25 12:0 a.m. · 10 views

changedetection.io Security Vulnerability

Changedetection.io is a website monitoring and notification application developed by dgtlmoon. Versions of Changedetection.io prior to 0.54.1 contained security vulnerabilities. These vulnerabilities stemmed from the URL validation function, issafevalidurl, which did not validate the resolution I...

CVSS 8.6 · AI score 5.8 · EPSS 0.00445
Exploits: 1 · References: 2

Positive Technologies
added 2023/12/07 12:0 a.m. · 6 views

PT-2023-32705 · Software Ag · Software Ag Webmethods

Name of the Vulnerable Software and Affected Versions: Software AG WebMethods versions 10.11.x through 10.15.x Description: A critical vulnerability has been found, leading to improper access controls. The issue can be exploited remotely, and it appears that insufficient access control is dependi...

CVSS 7.5 · AI score 7.5 · EPSS 0.00691
Exploits: 0 · References: 7

CNNVD
added 2023/11/30 12:0 a.m. · 4 views

Symbolicator Code Issue Vulnerability

Symbolicator is a symbol service for native stack traces and small dumps with symbol server support. A code issue vulnerability exists in Symbolicator versions 0.3.3 through 23.11.2, which stems from the fact that an attacker can use a specially crafted HTTP endpoint to allow Symbolicator to send...

CVSS 4.3 · AI score 7.1 · EPSS 0.00705
Exploits: 0 · References: 4