6
CVE-2026-1776 - Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality wh…
7.1
CVE-2026-30926 - SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook cont…
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint…
7.1
CVE-2026-25960 - SSRF Protection Bypass in vLLM
vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the load_from_url_async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses ur…
8.8
CVE-2026-3288 - ingress-nginx rewrite-target nginx configuration injection
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t…
9.1
CVE-2026-31816 - Budibase Universal Auth Bypass via Webhook Query Param Injection
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any reque…
9.6
CVE-2026-30240 - Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environm…
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint (POST /api/pwa/process-zip) allows an authenticated user with builder privileges to read arbitrary…
6.3
CVE-2025-15603 - open-webui JWT Key start_windows.bat random values
A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible to launch the attac…
8.7
CVE-2026-25045 - Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Rol…
Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who sho…
8.9
CVE-2026-25737 - Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these restr…
8.6
CVE-2026-25041 - Budibase has a Command Injection in PostgreSQL Dump Command
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other…