CVE-2026-48128

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...

CVE-2026-48128

Budibase prior to 3.39.0 is vulnerable to SSRF via the executeQuery automation step. The executeQuery step accepts a queryId from automation inputs and forwards it to the query execution controller without additional validation. When a REST datasource targets internal infrastructure, this can cau...

CVE-2026-48128

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the automated...

SVXportal 安全漏洞

SVXportal is a portal website developed by Peter as an individual developer. Versions of SVXportal 2.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation for the search query parameter in the log.php file, which could lead to reflection-type...

EUVD-2020-7901

Malware in sbrugna...

CVE-2020-15929

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...

WeGIA SQL Injection Vulnerability (CNVD-2025-22280)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of query parameters against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive...

CVE-2024-9982

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content...

PT-2023-30383 · WordPress · Wp All Export Pro +1

Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0 WP All Export Pro WordPress plugin versions prior to 1.8.6 Description: The issue concerns the lack of validation and sanitization of the wp query parameter, allowi...

PYSEC-2022-43064

The User-Defined Functions UDF feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...

CVE-2020-15929

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...

CVE-2020-15929

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...

CVE-2020-15928

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...

CVE-2020-15929

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...

Ortus Solutions Testbox Command Injection Vulnerability

Ortus Solutions Ortus Solutions Testbox is a behavior-driven testing framework for ColdFusion environments from Ortus Solutions, USA. A security vulnerability in Ortus TestBox versions 2.4.0 through 4.1.0, which originates from an unvalidated query string parameter passed to...

CVE-2017-17425

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method requests. The issue...