17 matches found

Vulnrichment
added 2026/05/27 5:14 p.m. | 4 views

CVE-2026-48147 Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts compile route patterns into unanchored regular expressions and test them against ctx.request.url, which includes the full query string. Th...

CVSS 6.5 | AI score 5.8 | EPSS 0.00014
Exploits 0 | References 1
CVE
added 2026/05/27 5:14 p.m. | 9 views

CVE-2026-48147

Budibase (open-source low-code platform) prior to 3.35.4 contains a vulnerability in buildMatcherRegex()/matches() within packages/backend-core/src/middleware/matchers.ts where route patterns are compiled into unanchored regexes and tested against ctx.request.url (including the full query string)...

CVSS 6.5 | AI score 5.8 | EPSS 0.00014
Exploits 0 | References 1
Cvelist
added 2026/05/27 5:14 p.m. | 33 views

CVE-2026-48147 Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts compile route patterns into unanchored regular expressions and test them against ctx.request.url, which includes the full query string. Th...

CVSS 6.5 | EPSS 0.00014
Exploits 0 | References 1
OSV
added 2026/03/31 9:00 p.m. | 2 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 6.9 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2006-0324

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00584
Exploits 1 | References 5
CNNVD
added 2025/05/30 12:00 a.m. | 1 view

GetSimple CMS Command Injection Vulnerability

GetSimple CMS is a content management system from the GetSimple CMS open-source project. A security vulnerability exists in GetSimple CMS versions 3.3.16 through 3.3.21, stemming from a specially crafted query string through which an authenticated user can inject and execute arbitrary PHP code,...

CVSS 8.8 | AI score 7.8 | EPSS 0.02799
Exploits 1 | References 2
CNNVD
added 2023/12/01 12:00 a.m. | 3 views

SLiMS 9 Bulian SQL Injection Vulnerability

SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management (e.g. books, journals, digital files and other library materials) and administration. An SQL injection vulnerability exists in SLiMS 9 Bulian version v9.6.1, which...

CVSS 8.8 | AI score 8 | EPSS 0.00111
Exploits 1 | References 2
OSV
added 2023/01/11 2:41 p.m. | 5 views

SUSE-SU-2023:0071-1 Security update for openstack-barbican

This update for openstack-barbican contains the following fix: Security fix included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection (bsc#1203873). Update for openstack-barbican: - Add patch for CVE-2022-3100 to address access policy bypa...

CVSS 5.9 | AI score 6.4 | EPSS 0.00206
Exploits 0 | References 3
Tenable Nessus
added 2022/10/05 12:00 a.m. | 38 views

Debian dla-3136 : barbican-api - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3136 advisory. Debian LTS Advisory DLA-3136-1 [email protected] https://www.debian.org/lts/security/...

CVSS 5.9 | AI score 6.3 | EPSS 0.00206
Exploits 0 | References 4
Tenable Nessus
added 2022/10/05 12:00 a.m. | 40 views

Debian DSA-5247-1 : barbican - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5247 advisory. - openstack-barbican: access policy bypass via query string injection (CVE-2022-3100). Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 5.9 | AI score 6.3 | EPSS 0.00206
Exploits 0 | References 6
Tenable Nessus
added 2022/10/03 12:00 a.m. | 42 views

RHEL 7 / 8 / 9 : Red Hat OpenStack Platform (openstack-barbican) (RHSA-2022:6750)

The remote Red Hat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6750 advisory. Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Security...

CVSS 5.9 | AI score 6.4 | EPSS 0.00206
Exploits 0 | References 4
RedHat Linux
added 2022/09/29 12:42 p.m. | 27 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform (openstack-barbican) security update

An update for openstack-barbican is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 5.9 | AI score 6.5 | EPSS 0.00206
Exploits 0 | References 2
CNNVD
added 2022/02/24 12:00 a.m. | 1 view

TOTOLINK A3000Ru Operating System Command Injection Vulnerability

TOTOLink A3000RU is a wireless router from TotoLink, China. TOTOLink A3000RU V5.9c.2280B20180512 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 | AI score 6 | EPSS 0.42094
Exploits 1 | References 2
CNVD
added 2021/05/21 12:00 a.m. | 6 views

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2021-37587)

FusionPBX is an open source enterprise IP-PBX interface management system based on FreeSWITCH. A cross-site scripting vulnerability exists in FusionPBX version 4.5.7. An attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the querystring variable in...

CVSS 6.1 | AI score 5.9 | EPSS 0.00328
Exploits 0 | References 1
OSV
added 2008/08/19 7:41 p.m. | 6 views

CVE-2008-3714

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the querystring, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...

AI score 5.4
Exploits 0 | References 16
EUVD
added 2006/05/19 11:00 p.m. | 2 views

EUVD-2006-2491

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine bMachine 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable...

CVSS 6.8 | AI score 5.7 | EPSS 0.10962
Exploits 1 | References 9
NVD
added 2003/12/31 5:00 a.m. | 9 views

CVE-2003-1531

Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3 | AI score 5.7 | EPSS 0.00554
Exploits 1 | References 6