CVE-2026-45717 | high | 8.8 | 8.8 | 13h ago | Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameter… | npm
CVE-2026-45548 | high | 7.7 | 7.7 | 13h ago | Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation | npm
CVE-2026-45715 | high | 7.7 | 7.7 | 13h ago | Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration | npm
CVE-2026-45719 | medium | 6.5 | 6.5 | 13h ago | Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API | npm
CVE-2026-35216 | unknown | — | — | 2mo ago | Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step | npm
CVE-2026-35214 | unknown | — | — | 2mo ago | Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write | npm
CVE-2026-25044 | unknown | — | — | 2mo ago | Budibase: Command Injection in Bash Automation Step | npm
CVE-2026-25041 | unknown | — | — | 3mo ago | @budibase/server: Command Injection in PostgreSQL Dump Command | npm