
budibase — Vulnerabilities & Security Advisories (16)

All 16 CVE vulnerabilities found in budibase, with AI-generated Chinese analysis, references, and POCs.

Vendor: Budibase

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41428 | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints | CWE-287 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-35218 | Budibase: Stored XSS via unsanitized entity names rendered with {@html} in Builder Command Palette | CWE-79 | 8.7 | High | 2026-04-03 |
| CVE-2026-35216 | Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step | CWE-78 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-35214 | Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write | CWE-22 | 8.7 | High | 2026-04-03 |
| CVE-2026-31818 | Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist | CWE-918 | 9.6 | Critical | 2026-04-03 |
| CVE-2026-25044 | Budibase: Command Injection in Bash Automation Step | CWE-78 | 8.8 (AI) | High (AI) | 2026-04-03 |
| CVE-2026-25043 | Budibase: Unauthenticated Password Reset Endpoint Lacks Rate Limiting, Enabling Email Flooding | CWE-770 | 5.3 | Medium | 2026-04-03 |
| CVE-2026-33226 | Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview | CWE-918 | 8.7 | High | 2026-03-20 |
| CVE-2026-31816 | Budibase Universal Auth Bypass via Webhook Query Param Injection | CWE-74 | 9.1 | Critical | 2026-03-09 |
| CVE-2026-30240 | Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets | CWE-22 | 9.6 | Critical | 2026-03-09 |
| CVE-2026-25045 | Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role) | CWE-862 | 8.8 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-25737 | Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS) | CWE-602 | 8.9 | High | 2026-03-09 |
| CVE-2026-25041 | Budibase has a Command Injection in PostgreSQL Dump Command | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2026-27702 | Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) | CWE-20 | 9.9 | Critical | 2026-02-25 |
| CVE-2026-25040 | Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role | CWE-863 | 8.8 (AI) | High (AI) | 2026-01-29 |
| CVE-2023-29010 | BudiBase Server-Side Request Forgery vulnerability | CWE-918 | 6.5 | Medium | 2023-04-06 |

Entries marked "(AI)" carry the page's "AI" tag on their CVSS score and severity rating.
