GHSA-8783-3WGF-JGGF Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Summary The authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query paramete...

Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Summary The authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query paramete...

Partial String Comparison

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuratio...

Partial String Comparison

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuration in a predicti...

basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()

Summary [email protected] is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to Client.list, causing the client process to...

CVE-2026-33207

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

CVE-2026-4005

The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield on the 'userhash'...

CLSA-2026-1776329620 glib2: Fix of 6 CVEs

CVE-2026-1489: fix integer overflow in Unicode case conversion functions - CVE-2026-1484: fix integer overflow in GLib Base64 encoding - CVE-2025-14512: fix integer overflow in escapebytestring for byte strings with many invalid characters - CVE-2026-1485: fix buffer underflow in content type...

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

CVE-2026-40504 Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

CVE-2026-40504

CVE-2026-40504 affects Creolabs Gravity prior to 0.9.6. A heap buffer overflow in gravity_vm_exec can be triggered by scripts containing many string literals at global scope, with insufficient bounds checking in gravity_fiber_reassign() that can corrupt heap metadata and lead to arbitrary code ex...

PT-2026-35071

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.4 Description The authenticated middleware uses unanchored regular expressions to match public endpoint patterns against the ctx.request.url variable. Because ctx.request.url in Koa includes the query string, an...

GHSA-4G48-54Q2-FG7Q Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidently logged to logs, those values could be seen in the logs. Azure...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data for the accesskey and connectionstring properties, which were not properly masked as sensitive information. An attacker can obtain confidential credentials by accessing the Connection UI...

CVE-2026-25219 Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...

CVE-2026-25219

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

PT-2026-33058

Name of the Vulnerable Software and Affected Versions Airflow versions prior to 3.1.8 Description The secrets masker failed to mark the access key and connection string connection properties as sensitive. This allows users with read permissions to view these values in the Connection UI...

GHSA-355H-QMC2-WPWF Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

Description as reported Jetty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Background This vulnerability is a new variant discovered while researching the "Funky Chunks" HTTP request smuggling techniques: -...