Lucene search
K

164 matches found

EUVD
EUVD
added 2026/06/22 10:45 p.m.12 views

EUVD-2026-32587

Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata...

8.5CVSS5.8AI score0.00174EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Pypy

In Python 2.x through 2.7.16, urllib supports the localfile scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs. This is demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

9.1CVSS6.8AI score0.11844EPSS
Exploits1References2
NVD
NVD
added 2026/05/27 6:16 p.m.16 views

CVE-2026-48153

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no...

8.5CVSS0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:52 p.m.12 views

CVE-2026-48153 Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no...

8.5CVSS5.8AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:50 p.m.10 views

CVE-2026-45061

Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint POST /api/plugin validates the submitted URL with a single substring check: url.includes".tar.gz". Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes thi...

7.7CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/23 7:16 p.m.15 views

CVE-2018-25353

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

8.8CVSS0.00452EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.16 views

PT-2026-41397

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description The REST datasource integration in the packages/server/src/integrations/rest.ts file follows HTTP redirects without re-validating the target URL against the IP blacklist. This allows an authenticat...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.8 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

JunoClaw 操作系统命令注入漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained an operating system command injection vulnerability. This vulnerability stemmed from a substring blacklist in the plugin-shell command security check, which could be...

8.4CVSS5.8AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.30 views

CVE-2026-42612

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attribute...

8.5CVSS0.00238EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/05 9:27 p.m.17 views

Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes

Summary A stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attributes. Details The detectXss function relies on a...

8.5CVSS6.1AI score0.00238EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.28 views

PT-2026-37278

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A stored Cross-Site Scripting XSS issue allows publisher-level accounts to execute arbitrary JavaScript. The problem is caused by a blacklist bypass in the detectXss function, which fails to...

8.5CVSS6.1AI score0.00238EPSS
Exploits1References8
NVD
NVD
added 2026/04/23 10:16 a.m.6 views

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8CVSS0.00938EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/23 12:0 a.m.9 views

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8CVSS7.5AI score0.00938EPSS
Exploits1References4
NVD
NVD
added 2026/04/21 3:16 p.m.7 views

CVE-2026-31019

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

8.8CVSS0.00572EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/20 9:13 a.m.8 views

WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability

Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.6...

8.1CVSS5.8AI score0.04175EPSS
Exploits3References1Affected Software1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.12 views

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.20 and earlier contain security vulnerabilities...

8.3CVSS5.9AI score0.00388EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/13 3:46 p.m.24 views

CVE-2026-30809 OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

8.7CVSS0.00938EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/13 3:46 p.m.5 views

CVE-2026-30809 OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

8.7CVSS5.8AI score0.00938EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.4 views

CVE-2026-35583

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...

5.3CVSS5.9AI score0.0032EPSS
Exploits1References1
Rows per page
Query Builder