Lucene search
K

36 matches found

EUVD
EUVD
added 2026/06/12 6:28 p.m.14 views

EUVD-2026-32590

Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign...

9CVSS5.2AI score0.00292EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 6:28 p.m.13 views

Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Summary /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders builder.apps set but builder.global unset. The controller th...

9CVSS5.4AI score0.00292EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-48150

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS5.5AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 6:16 p.m.21 views

CVE-2026-48150

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:58 p.m.9 views

CVE-2026-48150

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS5.8AI score0.00292EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/27 4:58 p.m.47 views

CVE-2026-48150 Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS0.00292EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-44061

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An issue exists in the open-source low-code platform where the '/api/public/v1/roles/assign' endpoint is guarded by the builderOrAdmin middleware. This middleware allows any user who is a builder f...

9CVSS5.8AI score0.00292EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-0764

Malware in sbrugna...

5CVSS6.4AI score0.01795EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-3407

Malware in sbrugna...

6.8CVSS6.4AI score0.00708EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-6490

Malware in sbrugna...

6.3CVSS6.4AI score0.02127EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/10 9:17 p.m.10 views

CVE-2025-57815

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

6.5CVSS7AI score0.00277EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/08 9:11 p.m.4 views

CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

6.3CVSS6.6AI score0.00277EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.16 views

PT-2025-36508

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. The Admin UI login endpoint relies on a general IP-based rate limit and lacks specific anti-automation controls, potentially allowing attackers ...

6.5CVSS6AI score0.00277EPSS
Exploits0References14
Citrix
Citrix
added 2024/07/04 12:0 a.m.7 views

[NetScaler] Built-in commands fail because feature is not licensed

On a NetScaler appliance, you may see some built-in commands are failed because feature is not licensed. For example, you use a Standard/Enterprise license, avaiable features in Premium license may have some built-in commands, and they'll get failures. It will not cause any business impact to...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.6 views

Trend Micro Mobile Security for Enterprise 授权问题漏洞

Trend Micro Mobile Security for Enterprise is a mobile antivirus software from Trend Micro. A security vulnerability exists in Trend Micro Mobile Security for Enterprise version 9.8 SP5, which originated from a vulnerability that allows an attacker to bypass authentication...

8.8CVSS8AI score0.02573EPSS
Exploits0References3
NCSC
NCSC
added 2021/03/30 12:0 a.m.7 views

Vulnerability fixed in Mitel MiContact Center

Mitel has fixed a vulnerability in MiContact Center. The vulnerability allows an authenticated malicious party with access to the Enterprise License Manager portal is able to obtain system data obtain. Mitel has released updates to fix the vulnerability. More information can be found on the page...

9.8CVSS6.5AI score0.02516EPSS
Exploits0
NVD
NVD
added 2021/03/29 8:15 p.m.16 views

CVE-2021-26714

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

9.8CVSS0.02516EPSS
Exploits0References1
Prion
Prion
added 2021/03/29 8:15 p.m.20 views

Directory traversal

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

7.5CVSS9.2AI score0.02516EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/29 7:8 p.m.23 views

CVE-2021-26714

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal...

9.5AI score0.02516EPSS
Exploits0References1
CVE
CVE
added 2021/03/29 7:8 p.m.63 views

CVE-2021-26714

The CVE-2021-26714 entry affects Mitel MiContact Center Enterprise’s Enterprise License Manager portal prior to version 9.4, where insufficient access control allows Directory Traversal to view/modify application data. The issue is confirmed by multiple sources (NVD entry, Red Hat advisory, and M...

9.8CVSS9.2AI score0.02516EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder