Lucene search
K

11 matches found

NVD
NVD
added 2026/06/30 11:17 p.m.9 views

CVE-2026-56233

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers can append traversal sequences to the upload path, which are normalized by the WHATWG URL parser, enabling acce...

8.7CVSS0.00451EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 5:16 p.m.13 views

CVE-2026-55413

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 4:3 p.m.32 views

CVE-2026-55413 ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS0.00256EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 4:3 p.m.3 views

CVE-2026-55413 ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS6.1AI score0.00256EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-48148

Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...

5.3CVSS5.6AI score0.00226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.14 views

CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.4AI score0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:10 p.m.9 views

CVE-2026-45715

Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration packages/server/src/integrations/rest.ts follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecti...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/27 5:4 p.m.12 views

EUVD-2026-32596

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 5:4 p.m.15 views

CVE-2026-46426 Budibase: Unrestricted Upload of File with Dangerous Type

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 4:31 p.m.8 views

GHSA-82RC-GXRG-V4GF Budibase: Unrestricted Upload of File with Dangerous Type

Summary The file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions html, svg, js, php, etc. are conditionally wrapped inside if isPublicUser or if isPublicUser || !env.SELFHOSTED, meaning an...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/19 4:31 p.m.15 views

Budibase: Unrestricted Upload of File with Dangerous Type

Summary The file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions html, svg, js, php, etc. are conditionally wrapped inside if isPublicUser or if isPublicUser || !env.SELFHOSTED, meaning an...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder