4 matches found

Vulnrichment
added 2026/05/27 5:7 p.m., 3 views

CVE-2026-45719 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API

Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API POST /api/views accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMAMAP object defines the valid...

CVSS 6.5, AI score 6, EPSS 0.00032
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-13091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle function, if __reduce__ makes an os.system call...

CVSS 9.8, AI score 8.4, EPSS 0.00647
Exploits: 1, References: 2
OSV
added 2022/05/24 5:17 p.m., 0 views

GHSA-JJW5-XXJ6-PCV5 scikit-learn Deserialization of Untrusted Data

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

CVSS 9.8, AI score 5.9, EPSS 0.00883
Exploits: 1, References: 5
OSV
added 2020/05/15 7:15 p.m., 1 views

UBUNTU-CVE-2020-13091

DISPUTED pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle function is documented as unsafe and it is the user's responsibilit...

CVSS 9.8, AI score 7.2, EPSS 0.00647
Exploits: 1, References: 4