Vulnerabilities in Budibase
38 results

CVE-2026-31816 | CRITICAL | Budibase Universal Auth Bypass via Webhook Query Param Injection | EPSS 15.3%
CVE-2026-35216 | CRITICAL | Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step | EPSS 12.0%
CVE-2022-3225 | HIGH | Improper Control of Dynamically-Managed Code Resources in budibase/budibase | EPSS 0.7%
CVE-2023-29010 | MEDIUM | BudiBase Server-Side Request Forgery vulnerability | EPSS 0.6%
CVE-2026-35214 | HIGH | Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write | EPSS 0.6%
CVE-2026-25040 | MEDIUM | Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role | EPSS 0.5%
CVE-2026-25041 | HIGH | Budibase has a Command Injection in PostgreSQL Dump Command | EPSS 0.5%
CVE-2026-25044 | HIGH | Budibase: Command Injection in Bash Automation Step | EPSS 0.5%
CVE-2026-41428 | CRITICAL | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints | EPSS 0.4%
CVE-2026-31818 | CRITICAL | Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist | EPSS 0.4%
CVE-2026-33226 | HIGH | Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview | EPSS 0.4%
CVE-2026-27702 | CRITICAL | Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) | EPSS 0.3%
CVE-2026-35218 | HIGH | Budibase: Stored XSS via unsanitized entity names rendered with {@html} in Builder Command Palette | EPSS 0.3%
CVE-2026-48128 | MEDIUM | Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step | EPSS 0.3%
CVE-2026-25043 | MEDIUM | Budibase: Unauthenticated Password Reset Endpoint Lacks Rate Limiting, Enabling Email Flooding | EPSS 0.3%
CVE-2026-48150 | CRITICAL | Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign | EPSS 0.3%
CVE-2026-25045 | HIGH | Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role) | EPSS 0.3%
CVE-2026-46425 | CRITICAL | Budibase: SCIM endpoints lack role-based authorization, BASIC users CRUD tenant users | EPSS 0.3%
CVE-2026-42239 | HIGH | Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover | EPSS 0.3%
CVE-2026-30240 | CRITICAL | Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets | EPSS 0.3%