Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.33.4 contained a security vulnerability. This vulnerability stemmed from the SSRF...

JeecgBoot 安全漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions of JeecgBoot from 3.0.0 to 3.5.3 have security vulnerabilities. These vulnerabilities stem from lax character filtering, which could allow attackers to execute arbitrary code o...

EUVD-2026-10358

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...

JFlow 代码问题漏洞

JFlow is a low-code BPM development platform open-sourced by Jinan Chicheng opencc in China. Versions of JFlow dated 20260129 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the File parameter in the function ImpDone within the Workflow Engine...

80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier

Today, Microsoft is releasing the new Cyber Pulse report to provide leaders with straightforward, practical insights and guidance on new cybersecurity risks. One of today’s most pressing concerns is the governance of AI and autonomous agents. AI agents are scaling faster than some companies can s...

PandaX 安全漏洞

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX that stems from incorrect manipulation of the parameter key in the file config.yml, which could lead to the use of hard-coded keys...

Instant Developer Foundation 安全漏洞

Instant Developer Foundation is a low-code application development platform from the Italian company Instant Developer. A security vulnerability exists in Instant Developer Foundation versions prior to 25.0.9600 that stems from not properly cleaning up user-controlled inputs and could lead to cod...

ILLA Builder 安全漏洞

ILLA Builder is a low-code platform open-sourced by ILLA Cloud. A security vulnerability exists in ILLA Builder versions prior to v4.8.5 that stems from the API allowing arbitrary requests to be sent, which could lead to a server-side request forgery attack...

xckk 安全漏洞

xckk small dishes low-code development platform is a low-code development platform open source by China Cloud Network Software bestfeng. A security vulnerability exists in xckk v9.6, which stems from the orderBy parameter in address/list is not securely filtered, which may lead to SQL injection...

xckk 安全漏洞

xckk small dishes low-code development platform is a low-code development platform open source by China Cloud Network Software bestfeng. A security vulnerability exists in xckk v9.6, which stems from the orderBy parameter in user/list is not securely filtered, which may lead to SQL injection...

EUVD-2024-48067

Malicious code in bioql PyPI...

HCL Compass 安全漏洞

HCL Compass is a low-code change management software from HCL India. Managing the full range of testing activities and integration with developer tools. HCL Compass suffers from a security vulnerability that stems from could lead to unauthorized access to the database by an attacker...

Valtimo 安全漏洞

Valtimo is a low-code platform for business process automation open-sourced by Valtimo in the Netherlands. A security vulnerability exists in Valtimo versions prior to 12.16.0.RELEASE and 13.1.2.RELEASE, which stems from the possibility that an administrator may access sensitive data or resources...

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud aka Salesforce Industries, exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration...

Microsoft Power Automate 信息泄露漏洞

Microsoft Power Automate is a low-code automation platform from Microsoft Corporation USA that allows users to create automated workflows that connect and integrate with various applications and services. An information disclosure vulnerability exists in Microsoft Power Automate that stems from t...

CVE-2024-7071

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0...

HCL Domino Volt和HCL Domino Leap 安全漏洞

HCL Domino Volt and HCL Domino Leap are both products of HCL India.HCL Domino Volt is a low-code application development solution based on the Domino platform.HCL Domino Leap is a cloud-based collaboration platform that modernizes traditional Domino applications. HCL Domino Volt and HCL Domino Le...

HCL Leap 安全漏洞

HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from the lack of a no cache header, which could lead to caching of sensitive data...

HCL Leap 安全漏洞

HCL Leap is a low-code development platform from HCL India. A security vulnerability exists in HCL Leap, which stems from an inadequate default configuration that could lead to anonymous access to directory information...

HCL Domino Volt和HCL Domino Leap 安全漏洞

HCL Domino Volt and HCL Domino Leap are both products of HCL India.HCL Domino Volt is a low-code application development solution based on the Domino platform.HCL Domino Leap is a cloud-based collaboration platform that modernizes traditional Domino applications. A security vulnerability exists i...