CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-54352
Critical

Budibase before version 3.39.9 contains a vulnerability due to improper validation of symbolic links during ZIP file processing. A builder-level attacker can inject a symbolic link pointing to any file on the system, which will be read and uploaded to MinIO, then served via the API.

CVE-2026-54351
High

Budibase prior to version 3.39.9 has a vulnerability in the webhook trigger endpoint, which is publicly accessible and passes the full HTTP request body into automation execution parameters. An attacker can overwrite the internal appId property, allowing automation execution in the victim's context and granting full read/write access to the victim's database.

CVE-2026-54350
Critical

Budibase before version 3.39.12 contains a vulnerability that allows an unauthenticated user to read all documents from MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collections, and if a public write query exists, to modify all documents in a single HTTP request. The issue stems from improper input validation in the validateQueryInputs function, which only rejects Handlebars markers but does not escape JSON metacharacters, enabling injection of additional fields into the filter object.

CVE-2026-52885
Medium

In Notepad++ prior to 8.9.6.4, a TOCTOU vulnerability exists in handling shortcuts.xml. The HMAC check occurs at command execution time, but the command payload is taken from memory that is not synchronized with the disk file. An attacker can swap the file before launch and restore it afterward, allowing malicious commands to execute.

CVE-2026-52884
High

Notepad++ version 8.9.6.1 has a vulnerability where the isInTrustedDirectory() function does not canonicalize the path before checking. It uses a prefix-based check that can be bypassed with a path containing ..\..\ after a trusted directory prefix, resolving to an untrusted location. This issue is fixed in version 8.9.6.2.

CVE-2026-50137
Critical

Budibase prior to version 3.39.0 contains a vulnerability allowing an anonymous attacker to obtain a pre-signed PUT URL for any S3 bucket the victim has access to. The attack requires knowledge of a workspace ID and S3 datasource ID but no authentication.

CVE-2026-50136
High

Budibase prior to 3.39.3 exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials from a workspace datasource. The route is protected only by recaptcha middleware and does not require authentication, table permission, datasource permission, or builder access.

CVE-2026-50132
High

A vulnerability in Budibase before 3.39.0 allows an attacker to permanently link a victim's account to an external chat identity (Slack/Discord/MS Teams) without user consent. The public endpoint lacks authentication and CSRF protection, and the attack requires tricking an authenticated user into visiting a crafted URL.

CVE-2026-48800
High

Notepad++ prior to version 8.9.6.1 contains a vulnerability due to missing validation of the <Command> tag content in shortcuts.xml. An attacker can inject arbitrary commands that execute when the user clicks the corresponding entry in the Run menu.

CVE-2026-48778
HighEPSS 68%

Notepad++ prior to version 8.9.6.1 has a vulnerability due to missing validation of the <GUIConfig name="commandLineInterpreter"> tag in config.xml. An attacker can modify this file to execute arbitrary commands with user privileges when the console is opened via File → Open Containing Folder → cmd.

CVE-2026-48770
Medium

Notepad++ prior to version 8.9.6.1 contains a vulnerability in handling WM_COPYDATA messages. A local process in the same Windows session can send a malformed message that does not enforce data length checking, potentially leading to a buffer overflow.

CVE-2026-46710
High

Notepad++ versions 8.9.4 through 8.9.6 contain a local privilege escalation vulnerability in the installer. During installation, the installer invokes powershell.exe without an absolute path after setting the working directory to the contextMenu directory. If an attacker places a malicious powershell.exe in a user-writable installation directory and a privileged user runs the installer selecting that directory, the attacker-controlled executable runs with elevated privileges.

CVE-2026-46604
High

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.

CVE-2026-39031
Medium

The vulnerability in Lansweeper lsrunase 2.0 and lsencrypt 2.0 uses RC4 encryption with a hardcoded 142-byte static key. An 8-character prefix is stored in cleartext alongside the ciphertext, allowing a local attacker to recover any encrypted password to plaintext without brute force.

CVE-2026-38641
High

A vulnerability in the DSO::mmap_and_copy function of relibc (commit 61f42d) allows attackers to cause a Denial of Service (DoS) by loading a crafted shared library.

CVE-2026-38639
High

A vulnerability in the parse_month function (/time/strptime.rs) of relibc (commit ab6a2e) allows an attacker to cause a Denial of Service (DoS) by parsing a crafted input.

CVE-2024-23581
Medium

HCL Traveler for Microsoft Outlook libraries are being falsely flagged as potentially malicious software or an unrecognized application. This may prevent installation or execution of the software by security systems.

CVE-2026-55838
Medium

In RustFS version 1.0.0-beta.7 and earlier, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. The validate_admin_request call is missing, allowing restricted users to read sensitive cluster-wide operational data.

CVE-2026-55189
High

In RustFS from version 1.0.0-alpha.1 to 1.0.0-beta.9, when the FTP frontend is enabled, the read and probe handlers (RETR, SIZE, MDTM, CWD) bypass the IAM authorization function, allowing any authenticated FTP user to read and stat any object in any bucket regardless of their IAM policy.

CVE-2026-55188
High

In RustFS versions from 1.0.0-alpha.1 to 1.0.0-beta.9, an authorization bypass was found in the bucket replication admin API. The ListRemoteTargetHandler for listing remote replication targets only checks whether request credentials exist, but does not verify that the caller has replication or administrator permissions. As a result, an authenticated user with no effective bucket or admin permissions can list remote replication target configuration for a bucket.

PreviousPage 145 of 4551Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS