
56363 matches found

Snyk
added 2026/05/27 7:32 p.m., 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the apiHandler and webHandlerTelegramBot processes. An attacker can cause the application to exhaust system memory and crash by sending an extremely large or endless JSON payload over a single TCP connection...

CVSS 8.7 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 2

NVD
added 2026/05/27 6:16 p.m., 8 views

CVE-2026-48147

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. Th...

CVSS 6.5 | EPSS 0.00014
Exploits: 0 | References: 1

NVD
added 2026/05/27 6:16 p.m., 8 views

CVE-2026-48150

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

CVSS 9 | EPSS 0.00064
Exploits: 0 | References: 1

NVD
added 2026/05/27 6:16 p.m., 12 views

CVE-2026-45719

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

CVSS 6.5 | EPSS 0.00032
Exploits: 0 | References: 2

NVD
added 2026/05/27 6:16 p.m., 9 views

CVE-2026-46424

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

CVSS 4.2 | EPSS 0.00037
Exploits: 0 | References: 2

NVD
added 2026/05/27 6:16 p.m., 8 views

CVE-2026-46427

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

CVSS 7.7 | EPSS 0.00034
Exploits: 0 | References: 1

NVD
added 2026/05/27 6:16 p.m., 7 views

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

CVSS 7.5 | EPSS 0.00047
Exploits: 0 | References: 2

NVD
added 2026/05/27 6:16 p.m., 7 views

CVE-2026-45088

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

CVSS 7.5 | EPSS 0.00042
Exploits: 0 | References: 2

NVD
added 2026/05/27 6:16 p.m., 8 views

CVE-2026-45089

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated...

CVSS 8.2 | EPSS 0.0005
Exploits: 0 | References: 2

EUVD
added 2026/05/27 5:35 p.m., 8 views

EUVD-2026-32616

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

CVSS 7.5 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/27 5:34 p.m., 8 views

CVE-2026-45087

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

CVSS 10 | AI score 6 | EPSS 0.00061
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/05/27 5:34 p.m., 7 views

EUVD-2026-32615

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

CVSS 10 | AI score 6 | EPSS 0.00061
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/27 5:33 p.m., 6 views

CVE-2026-45089

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated...

CVSS 8.2 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/05/27 5:18 p.m., 34 views

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

CVSS 6.5 | EPSS 0.00032
Exploits: 0 | References: 1

CVE
added 2026/05/27 5:14 p.m., 9 views

CVE-2026-48147

Budibase (open-source low-code platform) prior to 3.35.4 contains a vulnerability in buildMatcherRegex()/matches() within packages/backend-core/src/middleware/matchers.ts where route patterns are compiled into unanchored regexes and tested against ctx.request.url (including the full query string)...

CVSS 6.5 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/27 5:9 p.m., 8 views

CVE-2026-45717 Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL.

Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET...

CVSS 8.8 | AI score 6 | EPSS 0.00036
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/27 5:7 p.m., 6 views

CVE-2026-45719

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

CVSS 6.5 | AI score 6 | EPSS 0.00032
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/05/27 5:7 p.m., 5 views

CVE-2026-45719 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

CVSS 6.5 | AI score 6 | EPSS 0.00032
Exploits: 0 | References: 2

CVE
added 2026/05/27 5:7 p.m., 8 views

CVE-2026-45719

Budibase is vulnerable to CouchDB reduce injection via the V1 Views API (POST /api/views) where the calculation parameter is interpolated into a CouchDB reduce function without validation. A Builder-permission user can inject arbitrary JavaScript into the reduce function, which CouchDB executes w...

CVSS 6.5 | AI score 6 | EPSS 0.00032
Exploits: 0 | References: 2

EUVD
added 2026/05/27 5:7 p.m., 6 views

EUVD-2026-32599

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

CVSS 6.5 | AI score 6 | EPSS 0.00032
Exploits: 0 | References: 2