25 matches found
CVE-2026-50137
Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...
CVE-2026-50137
Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...
CVE-2026-50137
Budibase prior to 3.39.0 is affected by CVE-2026-50137: unauthenticated POST /api/attachments/:datasourceId/url allows anonymous callers to mint 15-minute AWS S3 pre-signed PUT URLs using the datasource’s IAM credentials, with the bucket not pinned to the datasource. The attack discloses the targ...
CVE-2026-50136
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...
Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
Summary The Budibase server route POST /api/attachments/:datasourceId/url packages/server/src/api/routes/static.ts is registered with only the recaptcha middleware. There is no authorized... middleware in the chain. The controller...
GHSA-35C4-RVC8-FRHM Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
Summary The Budibase server route POST /api/attachments/:datasourceId/url packages/server/src/api/routes/static.ts is registered with only the recaptcha middleware. There is no authorized... middleware in the chain. The controller...
📄 Papermark 0.20.0 Path Traversal
Papermark version 0.20.0 suffers from an authenticated path traversal vulnerability. // Exploit Title: Papermark 0.20.0 - Path Traversal Authenticated // Date: 2026-01-28 // Exploit Author: Eui Chul Chung // Vendor Homepage: https://www.papermark.com/ // Software Link:...
EUVD-2024-25304
Malicious code in bioql PyPI...
CVE-2025-57682
Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...
CVE-2025-57682
Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...
PT-2025-38726
Name of the Vulnerable Software and Affected Versions Papermark versions prior to 0.20.0 Description An issue exists in Papermark that allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution. This is possible via the 'POST...
CVE-2025-57682
Papermark 0.20.0 and earlier versions contain an authenticated path traversal vulnerability. An attacker can abuse the POST /api/file/s3/get-presigned-get-url-proxy endpoint to retrieve arbitrary files from the associated S3 bucket by manipulating the key parameter (as shown in the PacketStorm ex...
CVE-2025-57682
Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...
CVE-2024-28174
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...
CVE-2024-28174
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...
CVE-2024-28174
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...
Code injection
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...
CVE-2024-28174
CVE-2024-28174 affects JetBrains TeamCity (pre-2023.11.4) via the S3 Artifact Storage plugin. The root cause is improper authorization of presigned URL generation requests, allowing a remote attacker to bypass existing security restrictions. The public descriptions consistently state the issue af...
CVE-2024-28174
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...
CVE-2024-28174
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...