9 matches found
CVE-2026-50136
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...
CVE-2026-48151
Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the bo...
CVE-2026-28291
simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for...
CVE-2025-67111
An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service DoS via a crafted message...
UBUNTU-CVE-2025-43972
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...
Serendipity freetag cross-site scripting vulnerability
Serendipity is a PHP-based blogging system from the Serendipity team. The system supports the creation of online journals, blogs, web pages and more. A cross-site scripting vulnerability exists in Serendipity freetag plugin versions prior to 3.30. The vulnerability stems from a lack of proper...
ZyXEL ZyWALL USG Cross-Site Request Forgery Vulnerability
ZyXEL ZyWALL USG is a network security firewall appliance from Hopkins ZyXEL Technology. A cross-site request forgery vulnerability exists in ZyXEL ZyWALL USG version 2.12 AQQ.2 and 3.30 AQQ.7. A remote attacker can exploit this vulnerability by adding user accounts with the help of the 'cmd'...
ABB IP Gateway Unauthorized Access Vulnerability (CNVD-2018-11991)
ABB IP GATEWAY is a building management system from ABB Switzerland. A security vulnerability exists in ABB IP GATEWAY version 3.39 and earlier, which originates from some configuration files containing passwords in clear text. An attacker could use this vulnerability to gain unauthorized access...
Unspecified vulnerability in Omron CX-Supervisor (CNVD-2018-05320)
CX-Supervisor is a Miscellaneous Shareware software.CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. A security vulnerability exists in Omron CX-Supervisor version 3.30, which can be exploited by an attacker to dereference untrusted pointers via an...