Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/05/27 6:16 p.m.9 views

CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS0.00036EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/27 5:9 p.m.6 views

CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS6AI score0.00036EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/05/18 5:42 p.m.7 views

GHSA-C54J-XP92-WH28 Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Summary The POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances, this endpoint bypasses the admin-restricted invite flo...

8.8CVSS6AI score0.00036EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/05/18 5:42 p.m.14 views

Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Summary The POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances, this endpoint bypasses the admin-restricted invite flo...

8.8CVSS6AI score0.00036EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/18 12:0 a.m.7 views

PT-2026-41795

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description An issue exists in the "POST /api/global/users/onboard" endpoint, which is protected by the workspaceBuilderOrAdmin middleware. This allows users with builder permissions to access the endpoint. In...

8.8CVSS5.9AI score0.00036EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/01/07 9:11 a.m.4 views

CVE-2025-64421

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user member can invite a high privileged user. At first, the application will throw an error, but if the attacker clicks th...

8.7CVSS6.5AI score0.00037EPSS
Exploits1References1
CNVD
CNVDadded 2017/06/08 12:0 a.m.2 views

Unspecified Vulnerability in Zulip Server

Zulip Server is a set of open source group chat application written in Python based on the Django framework . A security vulnerability exists in the implementation of the invitebyadminsonly setting in Zulip Server 1.5.1 and earlier versions. An attacker can exploit the vulnerability to invite oth...

6.5CVSS6.7AI score0.00148EPSS
Exploits0References1
Rows per page
Query Builder