519 matches found
Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour
Summary The public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user identity and permissions from this cache TTL: 3600 seconds...
PT-2026-42049
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.2 Description The public API role unassignment endpoint "/api/public/v1/roles/unassign" updates user documents in CouchDB but fails to invalidate the corresponding Redis user cache entries. Because the...
GHSA-363W-HVWH-W7M6 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API
Security Advisory: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API Affected Software: Budibase Affected Component: packages/server/src/api/controllers/view/viewBuilder.ts, packages/server/src/api/routes/view.ts CWE: CWE-94 Improper Control of Generation of Code...
PT-2026-41797
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description The V1 Views API endpoint "/api/views" accepts a calculation parameter in the request body that is interpolated directly into a CouchDB reduce function definition without validation. While an...
Timing Attack
Overview @perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript. Affected versions of this package are vulnerable to Timing Attack via a timing side-channel in the authentication process. An attacker can obtain...
EUVD-2026-8646
Budibase: Remote Code Execution via Unsafe eval in View Filter Map Function Budibase Cloud...
PT-2026-21923
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.30.4 Description Budibase, a low-code platform for creating internal tools, workflows, and admin panels, contains an unsafe eval vulnerability in its view filtering implementation. This issue affects Budibase Cloud...
NoSQL-Injection-2025
NoSQL-Injection-2025 NoSQL Injection exploitation toolkit &...
EUVD-2018-3779
Malware in sbrugna...
EUVD-2018-8959
Malware in sbrugna...
EUVD-2010-2247
Malware in sbrugna...
EUVD-2010-2957
Malware in sbrugna...
EUVD-2010-3833
Malware in sbrugna...
EUVD-2020-12754
Malware in sbrugna...
EUVD-2012-5534
Malware in sbrugna...
EUVD-2010-0041
Malware in sbrugna...
EUVD-2018-6771
Malware in sbrugna...
EUVD-2021-24752
Malware in sbrugna...
EUVD-2016-9576
Malware in sbrugna...
EUVD-2012-5525
Malware in sbrugna...