
8 matches found

Cloud Foundry
added 2026/06/01 12:0 a.m., 7 views

CVE-2026-41013 - Tenant-controlled comma smuggles arbitrary CIFS mount options | Cloud Foundry

Severity: HIGH. CVSS 3.1 Score: 8.5 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N). Vendor: CloudFoundry Foundation. Versions Affected (severity is HIGH unless otherwise noted): smb-volume-release – all versions prior to v3.60.0; CF Deployment – all versions prior to v56.0.0. Description: Input validation bypass in SMB volume...

CVSS 8.1, AI score 6, EPSS 0.00239
Exploits: 0
OSV
added 2026/04/16 10:49 p.m., 6 views

GHSA-3XX2-MQJM-HG9X Paperclip: Cross-tenant agent API key IDOR in `/agents/:id/keys` routes allows full victim-company compromise

Summary The GET, POST, and DELETE handlers under /agents/:id/keys in the Paperclip control-plane API only call assertBoardreq, which verifies that the caller has a board-type session but does not verify that the caller has access to the company owning the target agent. A board user whose membersh...

CVSS 9.9, AI score 5.9
Exploits: 0, References: 2
RedhatCVE
added 2026/03/11 7:8 a.m., 5 views

CVE-2026-25045

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...

CVSS 8.8, AI score 5.8, EPSS 0.00292
Exploits: 1, References: 1
OSV
added 2026/03/09 8:11 p.m., 9 views

CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...

CVSS 8.7, AI score 5.9, EPSS 0.00292
Exploits: 1, References: 3
CVE
added 2026/03/09 8:11 p.m., 19 views

CVE-2026-25045

Budibase (backend API /api/global/users) is affected by a missing server-side RBAC check allowing Creator-level users to elevate privileges (e.g., promote Tenant Admin, demote Admin, modify Owner) and perform IDOR actions, leading to full tenant compromise. Root cause: RBAC checks not enforced se...

CVSS 8.8, AI score 5.8, EPSS 0.00292
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2026/03/09 12:0 a.m., 8 views

Budibase security vulnerability

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase has a security vulnerability that stems from the lack of server-side RBAC checks in the /api/global/users...

CVSS 8.8, AI score 5.8, EPSS 0.00292
Exploits: 1, References: 2
EUVD
added 2026/02/03 12:0 a.m., 4 views

EUVD-2025-206710

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to the /script/.env file. The exposed file contains the Laravel application encryption key (APP_KEY), database credentials, SMTP/SendGrid API...

CVSS 10, AI score 5.5, EPSS 0.00383
Exploits: 1, References: 1
CNNVD
added 2024/09/02 12:0 a.m., 3 views

NT-ware uniFLOW Online security vulnerability

NT-ware uniFLOW Online is a secure public cloud printing and scanning solution from NT-ware. A security vulnerability exists in NT-ware uniFLOW Online version 2024.1.0 and prior versions, which stems from the possibility that tenants may be compromised when email login is enabled. The vulnerabili...

CVSS 8.3, AI score 6.8, EPSS 0.00363
Exploits: 0, References: 3