- EPSS 0.06%
- Veröffentlicht 09.03.2026 20:08:32
- Zuletzt bearbeitet 13.03.2026 19:16:21
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at...
CVE-2026-25041
- EPSS 0.06%
- Veröffentlicht 09.03.2026 19:53:10
- Zuletzt bearbeitet 13.03.2026 19:23:55
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) wi...
- EPSS 0.09%
- Veröffentlicht 25.02.2026 15:11:16
- Zuletzt bearbeitet 02.03.2026 19:31:39
Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase's view filtering implementation allows any authenticated user (including free tier account...
CVE-2026-25040
- EPSS 0.03%
- Veröffentlicht 29.01.2026 21:33:57
- Zuletzt bearbeitet 03.03.2026 15:19:21
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users...
CVE-2023-29010
- EPSS 0.26%
- Veröffentlicht 06.04.2023 17:15:10
- Zuletzt bearbeitet 21.11.2024 07:56:23
Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key....
CVE-2022-3225
- EPSS 0.36%
- Veröffentlicht 16.09.2022 17:15:13
- Zuletzt bearbeitet 25.02.2026 16:21:26
Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.