9 matches found
CVE-2026-48152
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...
EUVD-2026-32588
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...
CVE-2026-48152
Budibase (open-source low-code) prior to 3.39.0 exposes a vulnerability where a Basic app user (mapped to WRITE permissions) can read an existing REST datasource, obtain redacted authConfigs, and update only the config.url. During update, mergeConfigs() restores the original secret when it detect...
CVE-2026-48152
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...
PT-2026-44063
Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.39.0 Description: Insufficient permission checks on the single-datasource 'GET' and 'PUT' routes allow users with the Basic app user role to access and modify REST datasource configurations. Because these routes are...
CVE-2025-59405
The CVE-2025-59405 entry concerns the Flock Safety Peripheral Android app (com.flocksafety.android.peripheral) version 7.38.3, deployed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices. Root cause: a cleartext DataDog API key is embedded in the client-side codebase, e...
CVE-2025-59405
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices contains a cleartext DataDog API key within its codebase. Because application binaries can be trivially decompil...
PT-2025-40411
Name of the Vulnerable Software and Affected Versions: Flock Safety Peripheral version 7.38.3 Description: The Flock Safety Peripheral application for Android contains a cleartext DataDog API key within its codebase. Attackers can recover the OAuth secret without special privileges by decompiling o...
PT-2020-14367 · Zyxel · Zyxel Cloudcnm Secumanager
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue concerns a hardcoded OAUTH SECRET KEY located in /opt/axess/etc/default/axess. Recommendations: For versions 3.1.0 and 3.1.1, consider changing the hardcoded OAUTH...