Lucene search
K

9 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/26 8:36 p.m.7 views

CVE-2026-50136

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...

7.4CVSS5.8AI score0.0029EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/27 6:16 p.m.14 views

CVE-2026-48151

Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the bo...

7.5CVSS0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 5:15 p.m.5 views

CVE-2026-28291

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for...

9.8CVSS6AI score0.02712EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2025/12/23 12:0 a.m.23 views

CVE-2025-67111

An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service DoS via a crafted message...

0.00297EPSS
Exploits0References2
OSV
OSV
added 2025/04/21 1:15 a.m.2 views

UBUNTU-CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context...

7.5CVSS5.8AI score0.00462EPSS
Exploits0References4
CNVD
CNVD
added 2020/02/18 12:0 a.m.4 views

Serendipity freetag cross-site scripting vulnerability

Serendipity is a PHP-based blogging system from the Serendipity team. The system supports the creation of online journals, blogs, web pages and more. A cross-site scripting vulnerability exists in Serendipity freetag plugin versions prior to 3.30. The vulnerability stems from a lack of proper...

6.1CVSS6.4AI score0.01222EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/13 12:0 a.m.2 views

ZyXEL ZyWALL USG Cross-Site Request Forgery Vulnerability

ZyXEL ZyWALL USG is a network security firewall appliance from Hopkins ZyXEL Technology. A cross-site request forgery vulnerability exists in ZyXEL ZyWALL USG version 2.12 AQQ.2 and 3.30 AQQ.7. A remote attacker can exploit this vulnerability by adding user accounts with the help of the 'cmd'...

8.8CVSS8.5AI score0.00494EPSS
Exploits1References1
CNVD
CNVD
added 2018/06/06 12:0 a.m.6 views

ABB IP Gateway Unauthorized Access Vulnerability (CNVD-2018-11991)

ABB IP GATEWAY is a building management system from ABB Switzerland. A security vulnerability exists in ABB IP GATEWAY version 3.39 and earlier, which originates from some configuration files containing passwords in clear text. An attacker could use this vulnerability to gain unauthorized access...

9.8CVSS9.6AI score0.01678EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/14 12:0 a.m.2 views

Unspecified vulnerability in Omron CX-Supervisor (CNVD-2018-05320)

CX-Supervisor is a Miscellaneous Shareware software.CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. A security vulnerability exists in Omron CX-Supervisor version 3.30, which can be exploited by an attacker to dereference untrusted pointers via an...

5.3CVSS6.9AI score0.00348EPSS
Exploits0References1
Rows per page
Query Builder