11 matches found
Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration
Summary: The POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured (the default for self-hosted Budibase instances), this endpoint bypasses the admin-restricted invite flo...
CVE-2026-25045
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
CVE-2026-25045
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
EUVD-2026-10354
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...
Budibase Security Vulnerability
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase has a security vulnerability that stems from the lack of server-side RBAC checks in the /api/global/users...
XWiki Commons Security Vulnerability
XWiki Commons is a technology library shared by several other top XWiki projects. There is a security vulnerability in XWiki Commons, which stems from the fact that it is possible to list users that are not normally viewable from the subwiki by requesting the users on the subwiki, which is only...
PT-2022-8561 · Xiaomi · Xiaomi Security Center
Name of the Vulnerable Software and Affected Versions: Xiaomi Security Center (affected versions not specified). Description: The issue concerns the security of Xiaomi users worldwide. There is no specific information about the nature of the problem or its technical details. Recommendations: At the...
Waze app vulnerability allowed users’ real-time location tracking
By Waqas. Waze app has more than 130 million active monthly users globally and that makes it a lucrative target for hackers. Here's what happened.
WinstarNssmMiner Monero mining malware crashes PC upon detection
By Waqas. Another day, another Monero cryptocurrency mining malware hits unsuspecting users worldwide.
Telegram Ordered to Hand Over Encryption Keys to Russian Authorities
Russia’s top court ruled Tuesday that the Telegram messaging service, with 9.5 million active Russian users, must hand over encryption keys to authorities. The Britain-based messaging app company, with 100 million global users, now has 15 days to provide communications regulators in Russia with t...
Anonymity Tool Tor gains more than 1.2 Million new users since NSA PRISM scandal
Since Snowden came forward with details about the NSA's PRISM program in June, web users concerned about online privacy are increasingly turning toward privacy tools to protect their online data. U.S. Government project PRISM allows the government to tap phone calls, email, and web browsing of an...