Lucene search

89 matches found

CNNVD
added 2026/05/28 12:0 a.m. · 6 views

Oracle REST Data Services Security Vulnerability

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services contain security vulnerabilities. These vulnerabilities st...

7.9 CVSS · 5.8 AI score · 0.00115 EPSS
Exploits 0 · References 1
NVD
added 2026/05/27 6:16 p.m. · 11 views

CVE-2026-45715

Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration packages/server/src/integrations/rest.ts follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecti...

7.7 CVSS · 0.00258 EPSS
Exploits 0 · References 2
CVE
added 2026/05/27 5:10 p.m. · 13 views

CVE-2026-45715

Budibase (open-source low-code platform) is affected by CVE-2026-45715 via the REST datasource integration. The vulnerable component is the REST datasource code at packages/server/src/integrations/rest.ts, where redirects are followed without re-checking the IP blacklist, allowing an authenticate...

7.7 CVSS · 5.8 AI score · 0.00258 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2026/05/27 4:56 p.m. · 6 views

CVE-2026-48152

Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...

8.1 CVSS · 5.8 AI score · 0.00257 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2026/05/27 12:0 a.m. · 10 views

Budibase Security Vulnerability

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that GET...

8.1 CVSS · 5.8 AI score · 0.00257 EPSS
Exploits 0 · References 1
CNNVD
added 2026/05/27 12:0 a.m. · 7 views

Budibase Code Issue Vulnerability

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained code-related vulnerabilities. These vulnerabilities stemmed from the integratio...

7.7 CVSS · 5.8 AI score · 0.00258 EPSS
Exploits 0 · References 2
CNNVD
added 2026/05/04 12:0 a.m. · 7 views

WordPress plugin Conditional Fields for Contact Form Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.7 CVSS · 5.9 AI score · 0.00435 EPSS
Exploits 0 · References 3
EUVD
added 2026/04/03 9:34 p.m. · 2 views

EUVD-2026-18792

Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist...

9.6 CVSS · 5.9 AI score · 0.00377 EPSS
Exploits 1 · References 5
Qualys Blog
added 2025/10/23 3:45 a.m. · 12 views

Oracle Critical Patch Update, October 2025 Security Update Review

Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 374 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families,...

9.8 CVSS · 8.4 AI score · 0.88312 EPSS
Exploits 15
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2020-6880

Malware in sbrugna...

6.5 CVSS · 7.3 AI score · 0.01281 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2020-6881

Malware in sbrugna...

4.3 CVSS · 6.1 AI score · 0.00948 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-7319

Malicious code in bioql PyPI...

4.8 CVSS · 5.2 AI score · 0.00338 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-21524

Malicious code in bioql PyPI...

6.1 CVSS · 7.6 AI score · 0.00126 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/07/17 7:55 p.m. · 6 views

CVE-2025-30756

Vulnerability in Oracle REST Data Services component: General. The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks require human interaction from...

6.1 CVSS · 6.4 AI score · 0.00126 EPSS
Exploits 0 · References 1
OSV
added 2025/07/15 8:15 p.m. · 2 views

CVE-2025-30756

Vulnerability in Oracle REST Data Services component: General. The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks require human interaction from...

6.1 CVSS · 5.8 AI score · 0.00126 EPSS
Exploits 0 · References 1
NVD
added 2025/07/15 8:15 p.m. · 7 views

CVE-2025-30756

Vulnerability in Oracle REST Data Services component: General. The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks require human interaction from...

6.1 CVSS · 0.00126 EPSS
Exploits 0 · References 1
CNNVD
added 2025/07/15 12:0 a.m. · 3 views

Oracle REST Data Services Cross-Site Request Forgery Vulnerability

Oracle REST Data Services is an Oracle middleware tool for exposing Oracle database functionality to applications via a RESTful API. A security vulnerability exists in Oracle REST Data Services version 24.2.0 that originates from an unauthenticated attacker who can attack via HTTP web access,...

6.1 CVSS · 7.1 AI score · 0.00126 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/07/15 12:0 a.m. · 4 views

PT-2025-29607 · Oracle · Oracle Rest Data Services

Name of the Vulnerable Software and Affected Versions: Oracle REST Data Services version 24.2.0 Description: An easily exploitable issue exists in Oracle REST Data Services that allows an unauthenticated attacker with network access via HTTP to compromise the service. Successful attacks require...

6.4 CVSS · 6.5 AI score · 0.00126 EPSS
Exploits 0 · References 5
VulnCheck KEV
added 2025/06/20 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2025-25034

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the restdata parameter before passing it to the...

9.3 CVSS · 5.8 AI score · 0.02971 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:44 p.m. · 8 views

CVE-2020-14745

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services component: General. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c; Standalone ORDS: prior to 20.2.1. Easily exploitable vulnerability allows low privileged attacker with networ...

4.3 CVSS · 5.3 AI score · 0.00948 EPSS
Exploits 0