6 matches found
CVE-2026-46427 Budibase: Snowflake private key returned unmasked from datasource API to BASIC users
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...
EUVD-2025-6917
Malicious code in bioql PyPI...
CVE-2024-8057
CVE-2024-8057 concerns the Danswer AI project (danswer, version 0.4.1) where a basic user can create credentials and link them to an existing connector due to insufficient access control. The issue arises because an unauthenticated user can sign up with a basic account and perform actions that sh...
CVE-2024-6435
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. Fo...
CVE-2022-45164
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking created by someone else, even if this basic user is not a member of the booking...
CVE-2022-45167
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users...