2 matches found
CVE-2026-59509 Unauthenticated arbitrary MongoDB collection read in cve-search
An unauthenticated improper input validation vulnerability in the POST /fetchcvedata endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections...
PT-2026-51637
Name of the Vulnerable Software and Affected Versions Budibase server versions prior to 3.39.1 Description An issue exists where the enrichContext function substitutes parameter values into the raw JSON body of a query and then parses the result using JSON.parse. The validateQueryInputs function...