3 matches found
EUVD-2026-32606
CVE-2026-48147 Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts compile route patterns into unanchored regular expressions and test them against ctx.request.url, which includes the full query string. Th...
PT-2024-18982 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip version 8.0
Description: A vulnerability in Zulip affects installations where non-admins can invite users and create multi-use invitations, but only admins can invite users to streams. This issue allows users to invite new users to...