9 matches found
CVE-2026-45548
Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...
EUVD-2026-32604
Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...
MAL-2026-4543 Malicious code in customerdigital-ui-containers-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a314a5b253dcb30b2781bda216266b7ab1b49b62eec416bd9be07b48ab46a348 On npm install, postinstall.js collects git identity, OS user/uid, hostname, internal network interface addresses, Cloudflare Pages environment...
CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration
Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...
CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration
Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...
CVE-2026-30242
Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x...
changedetection.io 安全漏洞
Changedetection.io is a website monitoring and notification application developed by dgtlmoon. Versions of Changedetection.io prior to 0.54.1 contained security vulnerabilities. These vulnerabilities stemmed from the URL validation function, issafevalidurl, which did not validate the resolution I...
PT-2023-32705 · Software Ag · Software Ag Webmethods
Name of the Vulnerable Software and Affected Versions: Software AG WebMethods versions 10.11.x through 10.15.x Description: A critical vulnerability has been found, leading to improper access controls. The issue can be exploited remotely, and it appears that insufficient access control is dependi...
Symbolicator Code Issue Vulnerability
Symbolicator is a symbol service for native stack traces and small dumps with symbol server support. A code issue vulnerability exists in Symbolicator versions 0.3.3 through 23.11.2, which stems from the fact that an attacker can use a specially crafted HTTP endpoint to allow Symbolicator to send...