Lucene search
K

367637 matches found

CVE
CVE
added 2026/05/27 5:9 p.m.18 views

CVE-2026-45716

Budibase vulnerability CVE-2026-45716 affects the onboardUsers endpoint: when SMTP is not configured, POST /api/global/users/onboard allows a builder to create new global admin accounts by injecting attacker-controlled roles, returning the generated password in the response and enabling full priv...

8.8CVSS6AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:9 p.m.14 views

CVE-2026-45717

Budibase (prior to 3.38.1) exposed PUT /api/datasources/:datasourceId under TABLE/READ authorization, allowing any authenticated user with BASIC or higher to overwrite a datasource’s config (host, port, database, URL, credentials). The update merges attacker-controlled fields without builder-leve...

8.8CVSS6AI score0.00251EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:7 p.m.15 views

CVE-2026-45718

Budibase (open-source low-code platform) fixed in 3.38.1 a vulnerability in the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger). Before 3.38.1, the endpoint did not validate that the provided rowId was within the view’s filters, allowing a user with access to a ...

5.4CVSS5.8AI score0.00146EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:7 p.m.13 views

CVE-2026-45719

Budibase is vulnerable to CouchDB reduce injection via the V1 Views API (POST /api/views) where the calculation parameter is interpolated into a CouchDB reduce function without validation. A Builder-permission user can inject arbitrary JavaScript into the reduce function, which CouchDB executes w...

6.5CVSS6AI score0.00263EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:6 p.m.17 views

CVE-2026-46425

Budibase contains a SCIM authorization flaw prior to version 3.38.2: the SCIM router (packages/worker/src/api/routes/global/scim.ts) attaches only requireSCIM and doInScimContext middlewares, with no role check. This allows any authenticated user (including BASIC role) who reaches the worker to p...

9.9CVSS5.8AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:5 p.m.14 views

CVE-2026-46424

Budibase vulnerability CVE-2026-46424 affects versions before 3.38.2. The public API endpoint POST /api/public/v1/roles/unassign updates CouchDB user documents but does not invalidate the Redis cache entries used by authentication middleware, so revoked admin/builder/app roles may persist up to 1...

4.2CVSS5.7AI score0.00163EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:4 p.m.15 views

CVE-2026-46426

Budibase (open-source low-code) has a stored XSS flaw tracked as CVE-2026-46426. Before version 3.38.2, the file upload endpoint POST /api/attachments/process did not consistently enforce active-content restrictions for authenticated builders. The checks for dangerous extensions (html, svg, js, p...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:3 p.m.13 views

CVE-2026-46427

Budibase prior to 3.38.3 exposes Snowflake private keys via the datasource API. The removeSecrets filter masks only datasource config fields with schema type DatasourceFieldType.PASSWORD; Snowflake integration marks privateKey as SENSITIVE_LONGFORM, which is not filtered, allowing a BASIC-authent...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 5:1 p.m.17 views

CVE-2026-48128

Budibase prior to 3.39.0 is vulnerable to SSRF via the executeQuery automation step. The executeQuery step accepts a queryId from automation inputs and forwards it to the query execution controller without additional validation. When a REST datasource targets internal infrastructure, this can cau...

5.1CVSS6AI score0.00329EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 5:0 p.m.19 views

CVE-2026-48146

Budibase - CVE-2026-48146: Before 3.39.0, the OAuth2 token fetch in packages/server/src/sdk/workspace/oauth2/utils.ts calls raw fetch(config.url) without SSRF protection, while a safe wrapper fetchWithBlacklist() exists and is used for other outbound calls. This allows a user with BUILDER rights ...

7.7CVSS5.8AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 5:0 p.m.17 views

CVE-2026-4392

CVE-2026-4392 affects TeamSpeak 3 Server versions up to 3.13.7, involving the Handshake Handler component. The issue arises from manipulation of the argument proof, which results in a reachable assertion. The advisory states that remote exploitation is possible. A fix is available in TeamSpeak 3 ...

6.9CVSS5.8AI score0.00402EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 4:59 p.m.13 views

CVE-2026-48149

CVE-2026-48149 affects Budibase prior to version 3.39.0, where the Budibase Text component in Markdown mode rendered markdown by assigning marked.parse(markdown) directly to innerHTML without sanitization (MarkdownViewer.svelte:22). This creates a stored-XSS sink in any column bound to a Text com...

8.1CVSS5.8AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:58 p.m.19 views

CVE-2026-48150

Budibase CVE-2026-48150 describes a privilege-escalation flaw in the /api/public/v1/roles/assign endpoint prior to 3.39.0. The builderOrAdmin middleware trusts the x-budibase-app-id header to identify the app’s builder, and then the controller propagates the request body to the SDK, which can gra...

9CVSS5.8AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:57 p.m.22 views

CVE-2026-48151

Budibase (open-source low-code platform) contains an authorization bypass in the webhook schema-building endpoint prior to 3.39.0. The endpoint under builderRoutes allowed an unauthenticated caller to update the body schema for a known webhook and mutate the associated automation trigger output s...

7.5CVSS5.8AI score0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:57 p.m.15 views

CVE-2026-45162

The CVE-2026-45162 entry is linked to concrete, public advisories for Pimcore in Pimcore v11 that expose unsafe PHP deserialization in multiple locations without allowed_classes. The vulnerabilities occur when data sourced from databases (tmp_store, sites, custom_layouts) or filesystem (WebDAV de...

0.00202EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 4:56 p.m.18 views

CVE-2026-48152

Budibase (open-source low-code) prior to 3.39.0 exposes a vulnerability where a Basic app user (mapped to WRITE permissions) can read an existing REST datasource, obtain redacted authConfigs, and update only the config.url. During update, mergeConfigs() restores the original secret when it detect...

8.1CVSS5.8AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:52 p.m.19 views

CVE-2026-48153

Budibase: CVE-2026-48153 affects Budibase before 3.39.0. The OAuth2 SDK’s fetchToken makes a POST to a builder-supplied URL using plain node-fetch and bypasses the isBlacklisted outbound-fetch path check, and the OAuth2 URL Joi schema has no scheme/host restrictions. This enables SSRF to reach in...

8.5CVSS5.8AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:50 p.m.18 views

CVE-2026-45061

CVE-2026-45061 : Budibase (open-source low-code platform) remains vulnerable to SSRF due to a trivial substring URL check in the Plugin URL upload endpoint (/api/plugin). Before 3.35.10, the code validates only that the URL contains “.tar.gz” anywhere in the string (path, query, or fragment). The...

7.7CVSS5.8AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:45 p.m.23 views

CVE-2026-4391

CVE-2026-4391 affects TeamSpeak 3 Server up to version 3.13.7. The issue is in an unknown code path of the ECC Key Parser, causing a heap-based buffer overflow that could be triggered remotely. A fixed version is 3.13.8, which upgrades the affected component. If exploiting details are not provide...

6.9CVSS6.2AI score0.0042EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 4:39 p.m.12 views

CVE-2026-44460

FileRise (self-hosted web-based file manager) contains a vulnerability in /api/totp_setup.php prior to version 3.12.0. If a session has passed password check (state pending_login_user) and the target account already has TOTP configured, the endpoint decrypts and returns the existing TOTP secret i...

7.4CVSS5.8AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:37 p.m.13 views

CVE-2026-45047

The CVE affects the Go project bird-lg-go. Before version 1.4.5, apiHandler (and webHandlerTelegramBot) directly decode user-provided JSON via json.NewDecoder(r.Body).Decode(&request) without a maximum read size, enabling an unauthenticated attacker to stream a very large or endless JSON payload ...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:34 p.m.22 views

CVE-2026-44378

Botan (C++ cryptography library) is affected prior to version 3.12.0. Indefinite-length BER encodings could trigger quadratic parser behavior, even in structures that must be DER, leading to denial of service. The issue is fixed in 3.12.0. There are no explicit exploit details or in-the-wild expl...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/27 4:31 p.m.14 views

CVE-2026-42328

CVE-2026-42328 : go-ipld-prime prior to 0.23.0 had unbounded recursion in the DAG-CBOR and DAG-JSON decoders when processing deeply nested maps/lists. Each nesting level increases the goroutine stack, potentially causing a fatal stack overflow. The issue is resolved by a fix in version 0.23.0 . I...

6.2CVSS5.9AI score0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 4:30 p.m.21 views

CVE-2026-4390

CVE-2026-4390 affects TeamSpeak 3 Server (up to version 3.13.7). The vulnerability is in the process_resend_queue function of the Connection State Management component, where a manipulation leads to a use-after-free condition. The issue permits remote initiation of an attack under NETWORK, with L...

5.5CVSS5.8AI score0.0026EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 3:59 p.m.21 views

CVE-2026-42081

CVE-2026-42081 — free5GC AMF UE Security Capabilities bypass (NGAP PathSwitchRequest) Affected software: free5GC AMF (prior to 4.2.2). What is vulnerable: The AMF does not verify UE security capabilities received in NGAP PathSwitchRequest against locally stored values, allowing a malicious gNB to...

7.1CVSS5.9AI score0.00266EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/27 3:59 p.m.16 views

CVE-2026-42082

Free5GC AMF prior to v4.2.2 is vulnerable to missing concurrent NAS SMC validation during NGAP handover. The vulnerability arises because the AMF does not enforce the cross-procedure rules in 3GPP TS 33.501 §6.9.5.1, allowing a NAS Security Mode Command (SMC) to be issued while an N2 handover pro...

5.4CVSS5.8AI score0.00251EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/27 3:56 p.m.15 views

CVE-2026-42083

CVE-2026-42083 affects free5GC PCF Npcf_SMPolicyControl where missing router authorization middleware in the smPolicyGroup allowed unauthenticated access to SM policy endpoints (e.g., POST /npcf-smpolicycontrol/v1/sm-policies, GET /sm-policies/{id}, POST /sm-policies/{id}/update, POST /sm-policie...

8.2CVSS5.8AI score0.00323EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:53 p.m.16 views

CVE-2026-42459

CVE-2026-42459 documents an improper input validation flaw in free5GC UDM: the SDM (nudm-sdm) service does not validate the SUPI parameter in six GET handlers, allowing an unauthenticated attacker to inject control characters into SUPI. This can cause UDM to forward a malformed URL to UDR and ret...

8.7CVSS5.8AI score0.00324EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/27 3:52 p.m.18 views

CVE-2026-44315

The CVE describes a vulnerability in free5GC NEF where the 3gpp-pfd-management API is mounted without inbound OAuth2/bearer-token authorization prior to version 4.2.2. An attacker reachable on the SBI can forge Bearer tokens to create, read, and delete PFD-management transactions, with these acti...

9.4CVSS5.9AI score0.00314EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/27 3:52 p.m.21 views

CVE-2026-44316

The CVE describes a nil-pointer dereference in free5GC PCF (POST /npcf-smpolicycontrol/v1/sm-policies) HandleCreateSmPolicyRequest. When a downstream OpenAPI (UDR) lookup returns 404 and the wrapper returns err != nil with a nil response, the code logs the error but does not return, then derefere...

7.5CVSS5.8AI score0.00404EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:50 p.m.17 views

CVE-2026-44317

Summary of findings (CVE-2026-44317) : In free5GC’s PCF component, the POST /npcf-policyauthorization/v1/app-sessions handler can panic on a single authenticated request when ascReqData.suppFeat == "1" (traffic-routing feature negotiation) and medComponents includes an AfAppId but no AfRoutReq. T...

6.5CVSS5.8AI score0.0035EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:50 p.m.61 views

CVE-2026-48027

Summary: CVE-2026-48027 affects Nx Console, a UI for Nx & Lerna. A malicious copy of Nx Console version 18.95.0 was published briefly in Visual Studio Marketplace (and OpenVSX) around 12:30–12:48 UTC (≈18 minutes) and 12:33–13:09 UTC (≈36 minutes) respectively. The compromised package allowed cod...

9.8CVSS5.8AI score0.0185EPSS
In wildExploits1References5Affected Software1
CVE
CVE
added 2026/05/27 3:49 p.m.16 views

CVE-2026-44319

Summary (fact-grounded): CVE-2026-44319 affects free5GC NEF prior to version 4.2.2, where an attacker-controlled PFD notifyUri can trigger asynchronous delivery failures that cause NEF to call Fatal and exit, resulting in a complete availability outage until restart. The vulnerability occurs in P...

7.5CVSS5.8AI score0.00404EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:48 p.m.16 views

CVE-2026-44320

Summary: CVE-2026-44320 affects free5GC’s NEF, specifically the nnef-callback route group, which mounts without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token can reach the SMF-callback handler, allowing the callback body to be parsed and dispatched into NEF busines...

7.3CVSS6AI score0.00241EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/27 3:47 p.m.27 views

CVE-2026-44321

The CVE concerns free5GC SMF (v4.2.x) where the UPI route group lacked inbound OAuth middleware, allowing an unauthenticated POST to /upi/v1/upNodesLinks to trigger a validation failure that calls Fatalf, terminating the entire SMF process. Specifically, an attacker-controlled JSON payload can tr...

7.5CVSS5.8AI score0.00364EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:46 p.m.24 views

CVE-2026-44322

The CVE-2026-44322 family describes a nil-pointer dereference panic in free5GC NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} that occurs when upstream UDR calls fail and the consumer wrapper returns err != nil with a nil *ProblemDetails. In the errPfdData br...

7.5CVSS5.8AI score0.0039EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:45 p.m.18 views

CVE-2026-44323

This CVE-2026-44323 affects free5GC UDR in the v4.2.1 timeframe, where the DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler dereferences a nil map entry after a missing subsId, causing a nil-pointer panic (HTTP 500) on an authenticated request. ...

6.5CVSS5.8AI score0.0035EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:44 p.m.20 views

CVE-2026-44324

Summary (concrete details available) CVE-2026-44324 affects free5GC’s UDR component (v4.2.1 and prior). The vulnerable handler is the nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions. When ueId is missing from UESubsCollection, the code sets a 4...

6.5CVSS6AI score0.0042EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:43 p.m.20 views

CVE-2026-44325

CVE-2026-44325 affects free5GC NRF (v4.2.1) where POST /oauth2/token parses form data with a reflective type-confusion in api_accesstoken.go. The handler reflects over NrfAccessTokenAccessTokenReq, incorrectly treating most fields as a *models.PlmnId and assigns it to various destination fields, ...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:41 p.m.18 views

CVE-2026-44326

CVE-2026-44326 affects free5gc NEF 3gpp-traffic-influence API. Prior to version 4.2.2, the NEF mounts the 3gpp-traffic-influence endpoint without inbound OAuth2/bearer-token authorization. An unauthenticated or forged-token request reachable on the SBI can create, read, patch, and delete traffic-...

9.4CVSS5.8AI score0.00311EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/27 3:40 p.m.24 views

CVE-2026-44327

CVE-2026-44327 affects free5GC NEF (nnef-oam route group). Prior to v4.2.2, the OAM route group was mounted without inbound OAuth2/bearer-token authorization, allowing unauthenticated requests to hit OAM endpoints via the SBI. The OAM handler is a stub returning null, but the defect is route-grou...

10CVSS5.8AI score0.00311EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/27 3:39 p.m.22 views

CVE-2026-44328

Summary: CVE-2026-44328 affects free5GC SMF 4.2.1 and is fixed in 4.2.2 via upstream patch PR#199. The SMBI UPI route group was left without inbound OAuth2 middleware, allowing unauthenticated access to delete endpoints. The DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally derefere...

8.2CVSS5.8AI score0.00324EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:38 p.m.32 views

CVE-2026-44329

CVE-2026-44329 affects free5GC SMF v4.2.1 where the UPI management route group is mounted without OAuth2/bearer-token auth. Consequently, unauthenticated requests to /upi/v1/upNodesLinks (GET, POST with attacker-controlled payload, DELETE /upi/v1/upNodesLinks/{nodeID}) can reach SMF business hand...

10CVSS5.8AI score0.00331EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:36 p.m.24 views

CVE-2026-44330

Summary (CVE-2026-44330): free5GC NEF’s nnef-pfdmanagement route group was found to be mounted without inbound OAuth2/bearer-token authorization, exposing read and write access to PFD data and subscriptions. Affected: free5GC v4.2.1 (NEF). Impact: an attacker who can reach the NEF SBI can read PF...

10CVSS5.9AI score0.00287EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/27 3:35 p.m.20 views

CVE-2026-44318

Summary: The vulnerability CVE-2026-44318 affects free5GC BSF before 4.2.2, where PUT /nbsf-management/v1/subscriptions/{subId} unsafely writes to the global Subscriptions map without proper locking in the create-if-absent path. A concurrent authenticated PUT can cause a race between a read (RLoc...

6.5CVSS5.9AI score0.00268EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/27 3:30 p.m.37 views

CVE-2022-41656

CVE-2022-41656 describes a Missing Authorization vulnerability in the WordPress plugin Account Manager for WooCommerce . Affected versions are up to 2.1.2 (per CVE notices) with a broken access control that allows exploiting incorrectly configured access levels. The core issue is missing authoriz...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:25 p.m.14 views

CVE-2026-45335

WeGIA is vulnerable to an Open Redirect in the /WeGIA/controle/control.php endpoint prior to version 3.7.3. The vulnerability arises via the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle, where the application fails to validate or restrict nextPage. This ...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:24 p.m.17 views

CVE-2026-45027

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, login.php hashes the submitted password with PHP hash(…, 'SHA-256') and no salt, and the password-change flow uses the same pattern. SHA-256 is a fast general-purpose hash, not ideal for password storage, so identical...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:20 p.m.14 views

CVE-2026-44483

RVF prototype pollution risk in form handling : The issue is in the set-get component used by @rvf/core’s preprocessFormData. Vulnerable in @rvf/set-get versions < 6.0.4 (6.x) and

8.2CVSS6AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 3:16 p.m.23 views

CVE-2026-44473

CVE-2026-44473 affects Ella Core (5G core for private networks). Before v1.10.0, a radio with a valid NG Setup could send a forged PDUSessionResourceSetupResponse containing another UE’s AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE’s NG-co...

7.1CVSS5.8AI score0.00166EPSS
Exploits0References1
Total number of security vulnerabilities367637