Lucene search
K

43 matches found

Nuclei
Nuclei
added 6 hours ago41 views

Budibase - Authentication Bypass

Budibase = 3.31.4 contains an authentication bypass caused by unanchored regex in authorized middleware matching webhook path patterns in query strings, letting unauthenticated remote attackers access any server-side API endpoint, exploit requires crafted request with webhook pattern in URL. id:...

9.1CVSS6AI score0.15339EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.18 views

CVE-2026-37737

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

6.5CVSS5.5AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41428

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

9.1CVSS5.5AI score0.00445EPSS
Exploits1References1
NVD
NVD
added 2026/06/05 3:16 p.m.12 views

CVE-2026-37737

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

6.5CVSS0.00164EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/05 12:0 a.m.35 views

CVE-2026-37737

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

0.00164EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 12:0 a.m.15 views

EUVD-2026-34844

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

6.5CVSS5.5AI score0.00164EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 5:14 p.m.44 views

CVE-2026-48147 Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. Th...

6.5CVSS0.00115EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 5:14 p.m.10 views

CVE-2026-48147 Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. Th...

6.5CVSS5.8AI score0.00115EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 5:14 p.m.19 views

CVE-2026-48147

Budibase (open-source low-code platform) prior to 3.35.4 contains a vulnerability in buildMatcherRegex()/matches() within packages/backend-core/src/middleware/matchers.ts where route patterns are compiled into unanchored regexes and tested against ctx.request.url (including the full query string)...

6.5CVSS5.8AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 4:50 p.m.5 views

GHSA-PH86-P8F6-F9R2 Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator

Description X509Authenticator implements client-certificate mTLS authentication: the web server validates the client's certificate against a trusted CA, then passes the certificate's Subject DN Distinguished Name: a string like CN=Alice,O=Example,[email protected] to Symfony via...

8.7CVSS5.8AI score0.00069EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/27 4:50 p.m.71 views

Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator

Description X509Authenticator implements client-certificate mTLS authentication: the web server validates the client's certificate against a trusted CA, then passes the certificate's Subject DN Distinguished Name: a string like CN=Alice,O=Example,[email protected] to Symfony via...

5.8AI score0.00069EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2026/05/05 9:29 p.m.28 views

CVE-2026-40110

Summary: The CVE affects Jupyter Server prior to 2.18.0, where Origin header validation uses Python’s re.match() against allow_origin_pat. Because re.match() anchors only at the start, a pattern intended for a trusted domain (for example trusted.example.com) can match origins like trusted.example...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/05/05 9:29 p.m.43 views

CVE-2026-40110 jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...

7.6CVSS0.00333EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/04 8:48 a.m.7 views

CVE-2026-39087

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression...

9.8CVSS5.8AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 8:16 p.m.4 views

CVE-2026-41428

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

9.1CVSS0.00445EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/24 7:17 p.m.34 views

CVE-2026-41428 Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

9.1CVSS0.00445EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/24 7:17 p.m.5 views

EUVD-2026-25618

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

9.1CVSS5.5AI score0.00445EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 7:17 p.m.18 views

CVE-2026-41428

Budibase (open-source low-code platform) before version 3.35.4 is affected. The authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url, and because Koa’s ctx.request.url includes the query string, an attacker can include a ...

9.1CVSS5.5AI score0.00445EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/04/16 10:40 p.m.5 views

GHSA-8783-3WGF-JGGF Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Summary The authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query paramete...

9.1CVSS5.9AI score0.00445EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/16 10:40 p.m.6 views

Missing Authentication for Critical Function

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the authenticated middleware, which uses unanchored regular expressions to match public endpoint...

9.1CVSS5.8AI score0.00445EPSS
Exploits1References2
Rows per page
Query Builder