
2427 matches found

EUVD
added 2026/02/25 6:57 p.m., 2 views

EUVD-2026-8646

Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)

CVSS 9.9 | AI score 5.5 | EPSS 0.00098
Exploits: 1 | References: 5

OSV
added 2026/02/25 6:57 p.m., 2 views

GHSA-RVHR-26G4-P2R8 Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)

Summary: A critical unsafe eval() vulnerability in Budibase's view filtering implementation allows any authenticated user, including free tier accounts, to execute arbitrary JavaScript code on the server. This vulnerability ONLY affects Budibase Cloud SaaS; self-hosted deployments use native CouchDB...

CVSS 9.9 | AI score 6.5 | EPSS 0.00098
Exploits: 1 | References: 6

Github Security Blog
added 2026/02/25 6:57 p.m., 3 views

Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)

Summary: A critical unsafe eval() vulnerability in Budibase's view filtering implementation allows any authenticated user, including free tier accounts, to execute arbitrary JavaScript code on the server. This vulnerability ONLY affects Budibase Cloud SaaS; self-hosted deployments use native CouchDB...

CVSS 9.9 | AI score 6.4 | EPSS 0.00098
Exploits: 1 | References: 6 | Affected Software: 1

ATTACKERKB
added 2026/02/25 3:11 p.m., 2 views

CVE-2026-27702

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe eval vulnerability in Budibase's view filtering implementation allows any authenticated user, including free tier accounts, to execute arbitrary JavaScript code on the server...

CVSS 9.9 | AI score 6.1 | EPSS 0.00098
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/02/25 3:11 p.m., 6 views

CVE-2026-27702

Budibase Cloud (SaaS) is affected by an unsafe eval() vulnerability in the view filtering implementation prior to version 3.30.4. The issue resides in packages/server/src/db/inMemoryView.ts, where user-controlled view map functions are directly evaluated without sanitization, enabling any authenti...

CVSS 9.9 | AI score 6.2 | EPSS 0.00098
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/02/25 3:11 p.m., 2 views

CVE-2026-27702 Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe eval vulnerability in Budibase's view filtering implementation allows any authenticated user, including free tier accounts, to execute arbitrary JavaScript code on the server...

CVSS 9.9 | AI score 6.3 | EPSS 0.00098
Exploits: 1 | References: 6

Cvelist
added 2026/02/25 3:11 p.m., 17 views

CVE-2026-27702 Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe eval vulnerability in Budibase's view filtering implementation allows any authenticated user, including free tier accounts, to execute arbitrary JavaScript code on the server...

CVSS 9.9 | EPSS 0.00098
Exploits: 1 | References: 4

CNNVD
added 2026/02/25 12:00 a.m., 4 views

Budibase security vulnerability

Budibase is an open-source platform developed by Budibase in the UK. It allows internal applications, workflows, and management panels to be created within minutes. Versions of Budibase prior to 3.30.4 contain a security vulnerability. The vulnerability stems from an insecure eval...

CVSS 9.9 | AI score 6.2 | EPSS 0.00098
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/25 12:00 a.m., 4 views

PT-2026-21923

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.30.4. Description: Budibase, a low-code platform for creating internal tools, workflows, and admin panels, contains an unsafe eval vulnerability in its view filtering implementation. This issue affects Budibase Cloud...

CVSS 9.9 | AI score 6.2 | EPSS 0.00098
Exploits: 1 | References: 14

OSV
added 2026/02/24 7:56 p.m., 3 views

GHSA-78QV-3MPX-9CQQ NiceGUI vulnerable to XSS via Code Injection during client-side element function execution

Summary: Several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input is passed as the method name, an attacker can inject...

CVSS 6.1 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 4

Github Security Blog
added 2026/02/24 7:56 p.m., 5 views

NiceGUI vulnerable to XSS via Code Injection during client-side element function execution

Summary: Several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input is passed as the method name, an attacker can inject...

CVSS 6.1 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/24 5:00 p.m., 1 view

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

CVSS 6.1 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 2

CNNVD
added 2026/02/24 12:00 a.m., 3 views

NiceGUI cross-site scripting vulnerability

NiceGUI is an easy-to-use, open-source, Python-based UI framework. Versions of NiceGUI prior to 3.8.0 contain a cross-site scripting vulnerability. The vulnerability stems from the use of eval in multiple client-side APIs and incorrect escaping of method names, which...

CVSS 6.1 | AI score 6 | EPSS 0.00047
Exploits: 0 | References: 2

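The two eval patterns described in the Budibase and NiceGUI entries above (a server compiling a caller-supplied "map function" string, and a client building a method call from a caller-supplied method name), shown side by side with a data-driven replacement. This is an added JavaScript illustration written for this page; it is not Budibase's, NiceGUI's, or any advisory's code, and the row data, the widget object and every function name (filterUnsafe, filterSafe, runMethodUnsafe, runMethodSafe, demo) are constructed here. Both halves of each pair accept the same caller input; the hardened half treats it as data (allow-listed fields, a fixed operator table, allow-listed method names) and never hands a string to eval or new Function.

```javascript
// Added example: unsafe eval()/new Function() patterns beside hardened
// equivalents. Not Budibase or NiceGUI code; all names and data are constructed.

// Constructed sample documents standing in for rows in a database view.
const ROWS = [
  { id: 1, status: "open", amount: 120 },
  { id: 2, status: "closed", amount: 40 },
  { id: 3, status: "open", amount: 15 },
];

// ---- Pattern 1: server-side eval of a caller-supplied "map function" ----

// VULNERABLE: the caller's string is compiled and executed as JavaScript on
// the server, so it can do anything the process can, not just filter rows.
function filterUnsafe(rows, mapSource) {
  const fn = new Function("doc", mapSource); // same trust problem as eval()
  return rows.filter((doc) => Boolean(fn(doc)));
}

// HARDENED: the caller sends a filter description, not code. Each clause is
// { field, op, value }; fields come from an allow-list, operators from a
// fixed table, values must be scalars. No string is ever evaluated.
const ALLOWED_FIELDS = new Set(["id", "status", "amount"]);
const OPS = {
  eq: (a, b) => a === b,
  gt: (a, b) => a > b,
  lt: (a, b) => a < b,
};

function compileFilter(clauses) {
  if (!Array.isArray(clauses)) throw new TypeError("filter must be an array");
  const checks = clauses.map(({ field, op, value }) => {
    if (!ALLOWED_FIELDS.has(field)) throw new Error(`unknown field: ${String(field)}`);
    if (!Object.prototype.hasOwnProperty.call(OPS, op)) throw new Error(`unknown op: ${String(op)}`);
    if (value !== null && typeof value === "object") throw new TypeError("scalar values only");
    const cmp = OPS[op];
    return (doc) => cmp(doc[field], value);
  });
  return (doc) => checks.every((check) => check(doc));
}

function filterSafe(rows, clauses) {
  return rows.filter(compileFilter(clauses));
}

// ---- Pattern 2: client-side eval of a caller-supplied method name ----

// Constructed stand-in for a browser-side widget with two real methods.
function makeWidget() {
  return {
    log: [],
    highlight(color) { this.log.push(`highlight:${color}`); return "ok"; },
    scrollTo(y) { this.log.push(`scrollTo:${y}`); return "ok"; },
  };
}

// VULNERABLE: the method name is spliced into source text, so a "name" such as
// "log.push('injected'), w.highlight" runs extra code before the real call.
function runMethodUnsafe(widget, name, args) {
  return new Function("w", "args", `return w.${name}(...args);`)(widget, args);
}

// HARDENED: the name is a lookup key checked against an allow-list, then
// invoked as a property. Nothing the caller sends is parsed as JavaScript.
const CALLABLE = new Set(["highlight", "scrollTo"]);

function runMethodSafe(widget, name, args) {
  if (typeof name !== "string" || !CALLABLE.has(name)) {
    throw new Error(`method not permitted: ${String(name)}`);
  }
  return widget[name](...args);
}

// Runs both pairs on equivalent inputs and reports what each one allowed.
function demo() {
  const clauses = [
    { field: "status", op: "eq", value: "open" },
    { field: "amount", op: "gt", value: 20 },
  ];
  const safeIds = filterSafe(ROWS, clauses).map((r) => r.id);

  // A "filter" that also plants a global marker: a side effect no filter should have.
  const payload = "globalThis.__evalMarker = 'executed'; return doc.status === 'open';";
  const unsafeIds = filterUnsafe(ROWS, payload).map((r) => r.id);
  const markerPlanted = globalThis.__evalMarker === "executed";

  let protoRejected = false;
  try { filterSafe(ROWS, [{ field: "__proto__", op: "eq", value: 1 }]); } catch (e) { protoRejected = true; }

  const injectedName = "log.push('injected'), w.highlight";
  const w1 = makeWidget();
  runMethodUnsafe(w1, injectedName, ["red"]); // extra call executes
  const w2 = makeWidget();
  let nameRejected = false;
  try { runMethodSafe(w2, injectedName, ["red"]); } catch (e) { nameRejected = true; }
  runMethodSafe(w2, "highlight", ["red"]);

  return { safeIds, unsafeIds, markerPlanted, protoRejected, unsafeLog: w1.log, nameRejected, safeLog: w2.log };
}

if (typeof require !== "undefined" && require.main === module) console.log(demo());
```

Running demo() shows the asymmetry: both filters select the open rows, but only filterUnsafe lets the caller plant globalThis.__evalMarker, and only runMethodUnsafe lets a method "name" push an extra entry into the widget log. The hardened versions reject the same inputs with an error instead of executing them.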
GithubExploit
added 2026/02/23 4:21 a.m., 186 views

SSTI-to-RCE-Python-Eval-Bypass

SSTI-to-RCE-Python-Eval-Bypass: A Proof-of-Concept (PoC) exp...

AI score 5.8
Exploits: 0

OSV
added 2026/02/20 9:31 p.m., 2 views

GHSA-QV8J-HGPC-VRQ8 Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)

Stored Cross-Site Scripting (XSS) in the genai/evals_visualization component of the Google Cloud Vertex AI SDK (google-cloud-aiplatform), versions from 1.98.0 up to but not including 1.131.0, allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment...

CVSS 8.6 | AI score 5.9 | EPSS 0.00086
Exploits: 2 | References: 6

OSV
added 2026/02/19 8:29 p.m., 0 views

GHSA-8QM3-746X-R74R devalue `uneval`ed code can create objects with polluted prototypes when `eval`ed

Under certain circumstances, `uneval`ing untrusted data can produce output code that will create objects with polluted prototypes when later `eval`ed, meaning the output data can be a different shape from the input data...

CVSS 2.1 | AI score 5.9
Exploits: 0 | References: 4

NVD
added 2026/02/18 10:16 p.m., 4 views

CVE-2026-27181

MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without...

CVSS 8.7 | EPSS 0.00074
Exploits: 1 | References: 3

NVD
added 2026/02/18 10:16 p.m., 4 views

CVE-2026-27174

MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature. An include-order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

CVSS 9.8 | EPSS 0.85411
Exploits: 4 | References: 3

CVE
added 2026/02/18 9:10 p.m., 15 views

CVE-2026-27174

CVE-2026-27174 affects MajorDoMo. An include-order bug in modules/panel.class.php lets unauthenticated users reach the admin panel's PHP console, with execution continuing into inc_panel_ajax.php after a redirect that lacks an exit. The console handler passes GET parameters (via register_globals)...

CVSS 9.8 | AI score 6.9 | EPSS 0.85411
In the wild | Exploits: 4 | References: 3 | Affected Software: 1

OSV
added 2026/02/18 5:45 p.m., 1 view

GHSA-97F8-7CMV-76J2 Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Summary: This is a scanning bypass of the scan_pytorch function in picklescan. The implementation of get_magic_number uses pickletools.genops(data) to obtain the magic_number, accepting it only when opcode.name includes INT or LONG, but PyTorch's implementation simply uses pickle_module.load ...

CVSS 7.1 | AI score 5.6
Exploits: 0 | References: 3
