13 matches found
CVE-2026-50136
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...
Missing Authorization
Overview: @budibase/server is a Budibase Web Server. Affected versions of this package are vulnerable to Missing Authorization via the getSignedUploadURL process. An attacker can gain unauthorized access to generate AWS S3 pre-signed PUT URLs using stored IAM credentials by sending unauthenticated...
CVE-2026-36176
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...
EUVD-2026-34279
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...
CVE-2025-69218 Discourse moderators can access admin-only reports exposing private upload URLs
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the topuploads admin report which should be restricted to admins only. This report displays direct URLs to all uploaded files on the site, including sensitive...
CVE-2023-49099
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
EUVD-2023-53108
Malicious code in bioql PyPI...
EUVD-2022-38138
Malicious code in bioql PyPI...
Design/Logic Flaw
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...
CVE-2022-35246
A NoSQL-Injection information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...
Information disclosure
A NoSQL-Injection information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...
Rocket.Chat: NoSQL-Injection discloses S3 File Upload URLs
Summary: A NoSQL-Injection vulnerability in the getS3FileUrl Meteor server method can disclose arbitrary file upload URLs to users that should not be able to access. Description: The fileId argument of the getS3FileUrl Meteor server method is not validated and can contain a regular expression. The...