Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/05/27 5:10 p.m.46 views

CVE-2026-45715 Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration

Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration packages/server/src/integrations/rest.ts follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecti...

7.7CVSS0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-7613

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.56844EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/22 3:33 p.m.8 views

JeecgBoot SQL Injection Vulnerability

JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions...

6.5CVSS8.2AI score0.00224EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2018/01/22 4:0 a.m.37 views

CVE-2018-5968

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

9.8AI score0.06962EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2018/01/22 4:0 a.m.68 views

CVE-2018-5968

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

8.1CVSS9.1AI score0.06962EPSS
Exploits0
Rows per page
Query Builder