CVE ID :CVE-2026-54352 Published : June 26, 2026, 8:32 p.m. | 4 hours, 38 minutes ago Description :Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-54352 - Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload

VERWANDTEARTIKEL

CVE-2026-56414 - H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type

CVE-2026-55975 - H.VIEW HV-500S6 IP Camera OS Command Injection

CVE-2026-31928 - Daktronics Controller Firmware Use of Hard-coded Credentials

CVE-2026-33560 - Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type

CVE-2026-28701 - Daktronics Controller Firmware Path Traversa

CVE-2026-49869 - Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`