|
5091
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argu…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9511
|
2026-05-29 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5092
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available.
The random_bytes function fell back to using the built-in rand() function when…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-8647
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5093
|
7.5 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for…
|
CWE-862
Missing Authorization
|
CVE-2026-48151
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5094
|
8.1 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48149
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5095
|
7.7 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection.…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48146
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5096
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted…
|
CWE-93
CRLF Injection
|
CVE-2026-46740
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5097
|
7.7 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is D…
|
CWE-200
Information Exposure
|
CVE-2026-46427
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5098
|
4.2 |
MEDIUM
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint (POST /api/public/v1/roles/unassign) updates user documents in CouchDB but does not invalidate…
|
CWE-269
Improper Privilege Management
|
CVE-2026-46424
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5099
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger) fails to validate that the user-supplied rowId is…
|
CWE-863
Incorrect Authorization
|
CVE-2026-45718
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5100
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically th…
|
CWE-601
Open Redirect
|
CVE-2026-45335
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
