Total: 358423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-48152 | | | 2026-05-27 | N/A | 8.1 HIGH |
| Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which includes table read/write and query write. A Basic user can therefore read an existing REST datasource, receive redacted authConfigs values, submit an update that changes only config.url while keeping the redacted placeholders, and trigger an existing saved relative-path REST query. During update, mergeConfigs() restores the old stored secret when it sees the redaction placeholder. During query execution, Budibase prefixes the attacker-controlled datasource config.url to the relative query path and applies the resolved stored auth headers. The result is server-side disclosure of the builder-configured REST Authorization secret to an attacker-controlled listener. This vulnerability is fixed in 3.39.0. | | | | | |
| CVE-2026-48147 | | | 2026-05-27 | N/A | 6.5 MEDIUM |
| Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex() / matches() functions in packages/backend-core/src/middleware/matchers.ts compile route patterns into unanchored regular expressions and test them against ctx.request.url, which includes the full query string. The CSRF middleware in the Budibase Worker uses this matching system to decide whether to skip CSRF token validation. An unauthenticated attacker can forge state-changing cross-origin requests against any Worker API endpoint by injecting a public route pattern into the query string, causing the CSRF middleware to skip token validation entirely. This allows actions such as sending admin invites, modifying global configuration, and managing users without a valid CSRF token. This vulnerability is fixed in 3.35.4. | | | | | |
| CVE-2026-48128 | | | 2026-05-27 | N/A | N/A |
| Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to target internal infrastructure, this creates a server-side request forgery path where automation execution causes the Budibase server to make outbound HTTP requests to attacker-influenced destinations. The automation output then returns the response, potentially exposing internal service data. This vulnerability is fixed in 3.39.0. | | | | | |
| CVE-2026-45719 | | | 2026-05-27 | N/A | 6.5 MEDIUM |
| Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API (POST /api/views) accepts a calculation parameter from the request body that is interpolated directly into a CouchDB reduce function definition without validation. Although an internal SCHEMA_MAP object defines the valid calculation types (sum, count, stats), no actual validation is performed against this map before the value is used in string interpolation. A user with Builder permissions can inject arbitrary JavaScript code that will be executed within the CouchDB JavaScript engine when the view is queried. This vulnerability is fixed in 3.38.1. | | | | | |
| CVE-2026-45716 | | | 2026-05-27 | N/A | 8.8 HIGH |
| Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured (the default for self-hosted Budibase instances), this endpoint bypasses the admin-restricted invite flow and directly creates users via bulkCreate, accepting arbitrary admin and builder role assignments from the request body. A builder-level user can create a new global admin account and receive the generated password in the response, achieving full privilege escalation. This vulnerability is fixed in 3.38.1. | | | | | |
| CVE-2026-45548 | | | 2026-05-27 | N/A | 7.7 HIGH |
| Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetch(fileUrl) directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated user to trigger server-side requests to internal network addresses. This vulnerability is fixed in 3.34.8. | | | | | |
| CVE-2026-42572 | 1 Hatchet | 1 Hatchet | 2026-05-27 | N/A | 5.3 MEDIUM |
| Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belonging to that tenant, and receive task metadata for that DAG. This vulnerability is fixed in 0.83.39. | | | | | |
| CVE-2026-38931 | | | 2026-05-27 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in the /admin/config-module.php component of creatorsofcode simplephp at GitHub commit 5184cff (latest as of 2026-02-27) and is triggered by injecting a crafted payload. | | | | | |
| CVE-2026-37711 | | | 2026-05-27 | N/A | 7.3 HIGH |
| An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via htdocs/core/actions_addupdatedelete.inc.php. | | | | | |
| CVE-2026-38426 | | | 2026-05-27 | N/A | 7.3 HIGH |
| A buffer overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the strcpy() call into jpg_task.boundary[40] in fetch_jpg() in xdrv_10_scripter.ino. | | | | | |
| CVE-2026-38427 | | | 2026-05-27 | N/A | 7.3 HIGH |
| An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause a heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually read. | | | | | |
| CVE-2026-44474 | | | 2026-05-27 | N/A | 3.7 LOW |
| Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa). Concurrent Security Mode Command and N2 handover produce a KgNB mismatch between the UE and target gNB, causing the handover to fail. Requires a stalled gNB + re-registration race to trigger. This vulnerability is fixed in 1.10.0. | | | | | |
| CVE-2026-44473 | | | 2026-05-27 | N/A | 7.1 HIGH |
| Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify that the message arrived on the SCTP association bound to that UE's logical NG-connection, and then creates a GTP tunnel towards that radio. This vulnerability is fixed in 1.10.0. | | | | | |
| CVE-2026-44475 | | | 2026-05-27 | N/A | 6.1 MEDIUM |
| Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with arbitrary values by sending a single crafted PathSwitchRequest. This vulnerability is fixed in 1.10.0. | | | | | |
| CVE-2025-43290 | 1 Apple | 1 Macos | 2026-05-27 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system. | | | | | |
| CVE-2025-43306 | 1 Apple | 1 Macos | 2026-05-27 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges. | | | | | |
| CVE-2025-43451 | 1 Apple | 1 Macos | 2026-05-27 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | | | | | |
| CVE-2025-46280 | 1 Apple | 1 Macos | 2026-05-27 | N/A | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination. | | | | | |
| CVE-2025-46284 | 1 Apple | 1 Macos | 2026-05-27 | N/A | 7.0 HIGH |
| A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges. | | | | | |
| CVE-2026-36239 | | | 2026-05-27 | N/A | 4.3 MEDIUM |
| PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality. | | | | | |
