110527 matches found
CVE-2026-4391

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 20:16:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmud65vf7g2q... |

CVE-2026-9712

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 20:15:46+00:00 | seen | https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mmud5hme4r2y |
| 2026-05-28 00:05:03+00:00 | seen | https://bsky.app/profile/nixpkgs-prs-bot.bsky.social/post/3mmupxgygio2d... |

CVE-2026-4392

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 20:11:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmucv7e3b52p... |

CVE-2026-46427

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 19:56:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmuc3mlhfr2k... |

CVE-2024-24790

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 19:48:15+00:00 | seen | https://bsky.app/profile/andresbohren.bsky.social/post/3mmubm7gb3s22... |

CVE-2023-24531

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 19:48:15+00:00 | seen | https://bsky.app/profile/andresbohren.bsky.social/post/3mmubm7gb3s22 |
| 2026-06-12 13:00:12+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mo3sbe73cs2x... |

CVE-2026-45719

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 19:08:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmu7fpio442c... |

EUVD-2026-32626
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-48146
Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound...
CVE-2018-25357

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 18:07:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mmu3xgipzu2w... |

Incorrect Authorization
Overview: twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the CoreExtension::column filter when sandboxing is enabled through SourcePolicyInterface. An attacker can bypass the sandbox property...
CVE-2026-40914

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 17:32:33+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mmtzzmt3ah2e |
| 2026-05-29 11:39:38+00:00 | seen | https://bsky.app/profile/cybersecinsight.bsky.social/post/3mmyhafj65s2p... |

CVE-2026-45715 Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services (cloud metadata, databases) by redirecti...
CVE-2026-45715
Budibase (open-source low-code platform) is affected by CVE-2026-45715 via the REST datasource integration. The vulnerable component is the REST datasource code at packages/server/src/integrations/rest.ts, where redirects are followed without re-checking the IP blacklist, allowing an authenticate...
CVE-2026-46425
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM, which checks the Enterprise feature flag and SCIM config, and doInScimContext, which sets the SCIM request context. There is no role check...
CVE-2026-44971

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 17:02:48+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmtyefixwt2n... |

CVE-2026-48544

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 17:02:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmtydxa2kt2w... |

EUVD-2026-32591
Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/src/Markdown/MarkdownViewer.svelte:22). Any column a builder binds to a Text component in Markdown mod...
CVE-2026-48152
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which...
CVE-2026-48152
Budibase (open-source low-code) prior to 3.39.0 exposes a vulnerability where a Basic app user (mapped to WRITE permissions) can read an existing REST datasource, obtain redacted authConfigs, and update only the config.url. During update, mergeConfigs() restores the original secret when it detect...