CVE-2026-48153 Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no...

CVE-2026-48153

Budibase: CVE-2026-48153 affects Budibase before 3.39.0. The OAuth2 SDK’s fetchToken makes a POST to a builder-supplied URL using plain node-fetch and bypasses the isBlacklisted outbound-fetch path check, and the OAuth2 URL Joi schema has no scheme/host restrictions. This enables SSRF to reach in...

CVE-2026-48153 Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata

Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no...

EUVD-2025-29109

Malicious code in bioql PyPI...

CVE-2025-10391

A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...

CVE-2025-10391

A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...

CVE-2025-10391

A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...

CVE-2025-10391

CRMEB up to 5.6.1 is affected by a server-side request forgery in the testOutUrl function (app/services/out/OutAccountServices.php) via manipulating the push_token_url argument. This allows remote exploitation and has been publicly disclosed; vendor response is absent. Remediation: upgrade to a f...

CVE-2025-10391 CRMEB OutAccountServices.php testOutUrl server-side request forgery

A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...

PT-2025-37402

Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.6.1 Description: A security issue exists in CRMEB that allows for server-side request forgery. The testOutUrl function within the app/services/out/OutAccountServices.php file is affected. Manipulation of the push tok...

org.apache.kafka: Kafka Client Arbitrary File Read SSRF

A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery SSRF by a malicious client. Consequently,...

Server-side Request Forgery (SSRF)

Overview fastagency is a The fastest way to bring multi-agent workflows to production Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the OAuth2PasswordBearer class's gettoken method, where the tokenurl is constructed from unvalidated OpenAPI schema...