CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

TinyML-Driven Cybersecurity for Autonomous Spacecraft: Latency-Accuracy Analysis for SPARTA RF and Cyber Threat Detection

Autonomous spacecraft require rapid, lightweight, and reliable onboard detection of cyber-RF threats. Using the SPARTA attack model, we analyze the latency-accuracy trade-offs of TinyML-compatible classical models -- Random Forest, Logistic Regression, SVM, and MLP -- for detecting uplink jamming...

CLIF: Cross-Layer LEO-ISL Fingerprinting for Physical and Network Attack Detection in Dense LEO Constellations

Low-Earth Orbit LEO mega-constellations such as Starlink by SpaceX and Kuiper by Amazon rely on optical Inter-Satellite Links ISLs for autonomous mesh routing to provide low-latency telecommunication, Internet of Things IoT, and security services globally. As commercial operators and governments...

Moderate: Red Hat Security Advisory: go-fdo-client and go-fdo-server security update

An update for multiple packages is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RLSA-2026:19137 Important: go-fdo-server security update

This package provides a server-side implementation of the FIDO Device Onboard FDO specification, written in Go. FDO is an open standard for the late binding of device credentials, allowing for automated and secure on-boarding of devices when they are first powered on in their final location...

CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

CVE-2026-45716

Budibase vulnerability CVE-2026-45716 affects the onboardUsers endpoint: when SMTP is not configured, POST /api/global/users/onboard allows a builder to create new global admin accounts by injecting attacker-controlled roles, returning the generated password in the response and enabling full priv...

CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

CVE-2026-45716 Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

Malicious code in onboardconnect-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c17efe362ab4daf81f1ee7efe462a256ba325562a255906102d10d4a9ee87e5 The package's dist/setup.js script performs an HTTPS POST to https://oc-worker-tenant-api.wpolanco.workers.dev carrying values read from process.env,...

GHSA-C54J-XP92-WH28 Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Summary The POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances, this endpoint bypasses the admin-restricted invite flo...

Improper Privilege Management

Overview @budibase/builder is a npm install Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted requests to the affected endpoint, allowing the creation ...

Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening

Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...

Fedora 44 : fido-device-onboard (2026-9e223ca14f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9e223ca14f advisory. Automatic update for fido-device-onboard-0.5.5-8.fc44. Changelog for fido-device-onboard Wed Apr 01 2026 Peter Robinson - 0.5.5-8 - Rebuild for...

[SECURITY] Fedora 44 Update: fido-device-onboard-0.5.5-8.fc44

A rust implementation of the FIDO Device Onboard Specification...

Fedora 43 : fido-device-onboard (2026-e6237c2efe)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6237c2efe advisory. Automatic update for fido-device-onboard-0.5.5-8.fc43. Changelog for fido-device-onboard Wed Apr 01 2026 Peter Robinson - 0.5.5-8 - Rebuild for...

[SECURITY] Fedora 43 Update: fido-device-onboard-0.5.5-8.fc43

A rust implementation of the FIDO Device Onboard Specification...

Fedora: Security Advisory (FEDORA-2026-e6237c2efe)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ampersend-sdk (>=0.0.16 <=0.0.21), bindu (>=2026.6.6 <=2026.12.5) +7 more potentially affected by unknown CVE via x402 (>=0.2.1 <=1.0.0)

x402 PYPI version =0.2.1, =0.0.16, =2026.6.6, =0.1.0, =0.7.0, =0.0.1, =0.0.1, =0.5.5, =2.8.1, =0.2.1, =0.2.2 Source cves: unknown CVE Source advisory: OSV:GHSA-QR2G-P6Q7-W82M...

STARDIS: Strategic Scheduling and Deceptive Signaling for Satellite Intrusion Detection System Deployment

Satellite communication networks operate under stringent computational constraints and are susceptible to sophisticated cyberattacks. This paper introduces a novel defense framework that decouples security optimization into ground-based analysis and onboard real-time execution. In the long-term...