Lucene search
K

8 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 6:23 p.m.14 views

Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker

Summary The buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts share the same structural root cause as the recently patched CVE-2026-31816: route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the...

6.5CVSS5.5AI score0.00115EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/12 6:23 p.m.7 views

GHSA-WXQ7-X3QP-VCR8 Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker

Summary The buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts share the same structural root cause as the recently patched CVE-2026-31816: route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the...

6.5CVSS5.4AI score0.00115EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/24 7:17 p.m.3 views

CVE-2026-41428 Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

9.1CVSS5.5AI score0.00445EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-20752

Malware in sbrugna...

7.2CVSS7AI score0.01226EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7626

Malware in sbrugna...

7.5CVSS7.5AI score0.09957EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-9723

Malware in sbrugna...

7.8CVSS7.7AI score0.03369EPSS
Exploits1References4
OSV
OSV
added 2018/04/16 9:58 a.m.4 views

CVE-2018-9153

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

7.2CVSS6AI score0.01226EPSS
Exploits0References1
Prion
Prion
added 2018/04/16 9:58 a.m.17 views

Cross site request forgery (csrf)

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

6.5CVSS8.2AI score0.01226EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder