36 matches found
EUVD-2026-32590
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign...
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
Summary /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders builder.apps set but builder.global unset. The controller th...
CVE-2026-48150
Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...
CVE-2026-48150
Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...
CVE-2026-48150
Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...
CVE-2026-48150 Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...
PT-2026-44061
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An issue exists in the open-source low-code platform where the '/api/public/v1/roles/assign' endpoint is guarded by the builderOrAdmin middleware. This middleware allows any user who is a builder f...
EUVD-2014-0764
Malware in sbrugna...
EUVD-2013-3407
Malware in sbrugna...
EUVD-2013-6490
Malware in sbrugna...
CVE-2025-57815
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...
CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...
PT-2025-36508
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The Admin UI login endpoint relies on a general IP-based rate limit and lacks specific anti-automation controls, potentially allowing attackers ...
[NetScaler] Built-in commands fail because feature is not licensed
On a NetScaler appliance, you may see some built-in commands are failed because feature is not licensed. For example, you use a Standard/Enterprise license, avaiable features in Premium license may have some built-in commands, and they'll get failures. It will not cause any business impact to...
Trend Micro Mobile Security for Enterprise 授权问题漏洞
Trend Micro Mobile Security for Enterprise is a mobile antivirus software from Trend Micro. A security vulnerability exists in Trend Micro Mobile Security for Enterprise version 9.8 SP5, which originated from a vulnerability that allows an attacker to bypass authentication...
Vulnerability fixed in Mitel MiContact Center
Mitel has fixed a vulnerability in MiContact Center. The vulnerability allows an authenticated malicious party with access to the Enterprise License Manager portal is able to obtain system data obtain. Mitel has released updates to fix the vulnerability. More information can be found on the page...
CVE-2021-26714
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...
Directory traversal
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...
CVE-2021-26714
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...
CVE-2021-26714
The CVE-2021-26714 entry affects Mitel MiContact Center Enterprise’s Enterprise License Manager portal prior to version 9.4, where insufficient access control allows Directory Traversal to view/modify application data. The issue is confirmed by multiple sources (NVD entry, Red Hat advisory, and M...