PT-2026-44535

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An authenticated user with connector management privileges can perform a Server-Side Request Forgery SSRF, which is a flaw that allows an attacker to induce the server-side application to make...

PT-2026-44394

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

Local Deep Research 代码问题漏洞

Local Deep Research is an AI search assistant developed by LearningCircuit. Versions of Local Deep Research prior to 1.6.10 contained code vulnerabilities. These vulnerabilities stemmed from defects in the URL checking logic, which could be exploited by attackers, leading to SSRF attacks...

PT-2026-44731

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher. do fetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...

PT-2026-44509

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Server-Side Request Forgery SSRF allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with...

flowintel 安全漏洞

Flowintel is an open-source security analyst case and task management platform developed by flowintel. Versions of FlowIntel 3.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the external reference URL detection function in the app/case/task.py file, which has a...

WordPress plugin Independent Analytics 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

CVE-2026-42335

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...

CVE-2026-48128

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...

CVE-2026-45061

Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint POST /api/plugin validates the submitted URL with a single substring check: url.includes".tar.gz". Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes thi...

CVE-2026-48148 Budibase: Unvalidated VectorDB Host Parameter Enables SSRF

Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...

CVE-2026-48128 Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...

EUVD-2026-32594

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...

CVE-2026-48128 Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...

CVE-2026-48128

Budibase prior to 3.39.0 is vulnerable to SSRF via the executeQuery automation step. The executeQuery step accepts a queryId from automation inputs and forwards it to the query execution controller without additional validation. When a REST datasource targets internal infrastructure, this can cau...

CVE-2026-48128

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...

CVE-2026-48146 Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound...

CVE-2026-48146 Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound...

CVE-2026-48146

Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound...