Lucene search
+L

519 matches found

Github Security Blog
Github Security Blog
added 2026/05/19 4:30 p.m.19 views

Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour

Summary The public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user identity and permissions from this cache TTL: 3600 seconds...

4.2CVSS5.8AI score0.00163EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-42049

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.2 Description The public API role unassignment endpoint "/api/public/v1/roles/unassign" updates user documents in CouchDB but fails to invalidate the corresponding Redis user cache entries. Because the...

4.2CVSS5.7AI score0.00163EPSS
Exploits0References5
OSV
OSV
added 2026/05/18 5:47 p.m.5 views

GHSA-363W-HVWH-W7M6 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

Security Advisory: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API Affected Software: Budibase Affected Component: packages/server/src/api/controllers/view/viewBuilder.ts, packages/server/src/api/routes/view.ts CWE: CWE-94 Improper Control of Generation of Code...

6.5CVSS6AI score0.00263EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.10 views

PT-2026-41797

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description The V1 Views API endpoint "/api/views" accepts a calculation parameter in the request body that is interpolated directly into a CouchDB reduce function definition without validation. While an...

6.5CVSS6.1AI score0.00263EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/05 9:30 p.m.5 views

Timing Attack

Overview @perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript. Affected versions of this package are vulnerable to Timing Attack via a timing side-channel in the authentication process. An attacker can obtain...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/25 6:57 p.m.10 views

EUVD-2026-8646

Budibase: Remote Code Execution via Unsafe eval in View Filter Map Function Budibase Cloud...

9.9CVSS5.5AI score0.00335EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.15 views

PT-2026-21923

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.30.4 Description Budibase, a low-code platform for creating internal tools, workflows, and admin panels, contains an unsafe eval vulnerability in its view filtering implementation. This issue affects Budibase Cloud...

9.9CVSS6.2AI score0.00335EPSS
Exploits1References14
GithubExploit
GithubExploit
added 2025/12/01 10:8 p.m.205 views

NoSQL-Injection-2025

NoSQL-Injection-2025 NoSQL Injection exploitation toolkit &amp...

8.3AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-3779

Malware in sbrugna...

9CVSS6.9AI score0.08153EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-8959

Malware in sbrugna...

7.2CVSS6.8AI score0.03228EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-2247

Malware in sbrugna...

6.8CVSS6.1AI score0.01833EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-2957

Malware in sbrugna...

6.9CVSS6.1AI score0.00599EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2010-3833

Malware in sbrugna...

4.3CVSS6.1AI score0.05923EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-12754

Malware in sbrugna...

9.8CVSS9.2AI score0.01846EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-5534

Malware in sbrugna...

4.3CVSS6.1AI score0.03841EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2010-0041

Malware in sbrugna...

4.3CVSS6.1AI score0.05351EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-6771

Malware in sbrugna...

7.8CVSS7.7AI score0.00558EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-24752

Malware in sbrugna...

7.3CVSS5.8AI score0.02474EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-9576

Malware in sbrugna...

7.8CVSS7.7AI score0.01999EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-5525

Malware in sbrugna...

5CVSS7.4AI score0.08945EPSS
Exploits1References7
Rows per page
Query Builder