CVE-2026-55412

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

EUVD-2026-32588

Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL...

CVE-2026-45715

Budibase (open-source low-code platform) is affected by CVE-2026-45715 via the REST datasource integration. The vulnerable component is the REST datasource code at packages/server/src/integrations/rest.ts, where redirects are followed without re-checking the IP blacklist, allowing an authenticate...

CVE-2026-48152

Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...

EUVD-2026-18792

Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist...