GHSA-RGVG-3WPC-H44P Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override
Summary The webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the internal appId property by including it in the webhook POST...
GHSA-CQ9C-6W48-QMFG @actual-app/sync-server: Disabled OpenID users keep access through existing session tokens
Summary In OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity. Existing Actual session tokens for the disabled user remain valid, so the user can continue calling authenticated server endpoints after an administrator has disabled the account. Details The...
GHSA-35C4-RVC8-FRHM Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
Summary The Budibase server route POST /api/attachments/:datasourceId/url packages/server/src/api/routes/static.ts is registered with only the recaptcha middleware. There is no authorized... middleware in the chain. The controller...
GHSA-JJ36-R9W3-3PFH Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builde...
GHSA-V7J5-VC4M-723W Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF
Title Chat Identity Link Hijacking — Attacker Can Silently Map Their Slack/Discord Identity to Any Authenticated Budibase User's Account Severity High — CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N = 7.3 Affected Product - Product: Budibase - Version: 3.37.2 introduced in this version - Componen...
GHSA-QC2X-6F54-M6H9 zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet
Impact readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.data[self.offset : self.offset + length] and advanced self.offset by the declared length without checking it against self.datalen. Python's slice silently returns fewer bytes when the end index runs past the...
GHSA-HVQH-JW65-WCPQ devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs
Summary The default formatGroup and formatResult functions in devbridge-autocomplete concatenate values into HTML without escaping, allowing XSS when an attacker controls or can taint the suggestion data source. Details 1. formatGroup — category is interpolated raw. src/format.ts: ts function...
GHSA-9M6G-WC8R-Q59C scimPatch vulnerable to prototype pollution via unfiltered keys in patch
Summary scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like "__proto__.someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process. Any service that calls scimPatch on...
GHSA-GHMH-JHMJ-WCMF nebula-mesh stores enrollment tokens unhashed in SQLite
internal/store/sqlite.go:1177,1192,1221,1245 — the enrollmenttokens.token column holds the raw UUID token. ConsumeToken does WHERE token = ? against the raw string. Compare with operatorapikeys.keyhash, which is SHA-256 hex constructed in internal/api/middleware.go:51-53. Affected All released...
DEBIAN-CVE-2026-54277
Bulletin has no description...
DEBIAN-CVE-2026-54280
Bulletin has no description...
DEBIAN-CVE-2026-54275
Bulletin has no description...
DEBIAN-CVE-2026-54278
Bulletin has no description...
DEBIAN-CVE-2026-50269
Bulletin has no description...
DEBIAN-CVE-2026-54274
Bulletin has no description...
DEBIAN-CVE-2026-54273
Bulletin has no description...
DEBIAN-CVE-2026-54276
Bulletin has no description...
DEBIAN-CVE-2026-54279
Bulletin has no description...
GHSA-4Q6H-8P4V-67VQ Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata
Summary fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no scheme or host restriction. Alice, a builder, points an...
GHSA-74P7-6H78-GW8P skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
Impact Following the path-safety patches in GHSA-wx3m-whqv-xv47 v0.1.2, a comprehensive multi-angle audit surfaced five further vulnerabilities, now patched in v0.1.3: 1. sourcesha argument injection in git ls-tree CRITICAL. InstalledSkill.sourcesha deserialized from .skills.toml committed,...
GHSA-C4V7-XG93-QF8G Gogs has SSRF in webhook deliveries
Summary The fix for CVE-2022-1285 prevents adding webhooks or running webhooks with URLs with a hostname that resolves in localCIDRs. However, webhooks still follow redirects, allowing access to hostnames inside localCIDRs. This was already communicated in the initial report but it looks like there...
MINI-HJW5-2J77-9GRP
Bulletin has no description...
MINI-P8QM-XQ4C-3RJM
Bulletin has no description...
MINI-94JP-86QR-555M
Bulletin has no description...
MINI-X4WF-P79W-PHX9
Bulletin has no description...
MINI-27F6-PP6F-9JWJ
Bulletin has no description...
MINI-MHRH-J5CF-MF86
Bulletin has no description...
MINI-V945-2FFP-R95V
Bulletin has no description...
MINI-J9XQ-6347-P35G
Bulletin has no description...
MINI-2FCW-J62J-3V66
Bulletin has no description...
MINI-MJJ7-5GJJ-VQ8C
Bulletin has no description...
MINI-6CPQ-QHQ3-CR26
Bulletin has no description...
MINI-MM5Q-35P7-2VH7
Bulletin has no description...
MINI-23MC-26M6-QJHX
Bulletin has no description...
MINI-2X22-577H-C7G4
Bulletin has no description...
MINI-VWC5-R4JM-GRP9
Bulletin has no description...
MINI-WRMM-84VH-W5RH
Bulletin has no description...
MINI-G89X-HXPF-6VPH
Bulletin has no description...
MINI-P47W-QR3J-Q76F
Bulletin has no description...
MINI-JVRX-FCWP-P2HX
Bulletin has no description...
MINI-Q9WG-8P57-VRGM
Bulletin has no description...
MINI-GPMM-RW4X-HH77
Bulletin has no description...
MINI-JVR9-JH34-5H8H
Bulletin has no description...
MINI-47M7-FWWW-6M5J
Bulletin has no description...
MINI-PQQ2-86H6-W38J
Bulletin has no description...
MINI-VQGJ-6XQR-53W8
Bulletin has no description...
MINI-RCVM-88M5-G924
Bulletin has no description...
MINI-VHGJ-GHV3-5JCP
Bulletin has no description...
MINI-CWMJ-M6R3-W64W
Bulletin has no description...
MINI-W9RV-7FMV-JWXF
Bulletin has no description...