{"vulnerability": "cve-2026-4815", "sightings": [{"uuid": "05de6646-216f-440b-8eb5-2df952a80073", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48150", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmu6xgnpmn2g", "content": "\ud83d\udd34 CVE-2026-48150 - Critical (9)\n\nBudibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is gua...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48150/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-27T19:00:49.763812Z"}, {"uuid": "63b86b14-f764-436f-8e42-fbdc784658a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4815", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhvljmkbzc2q", "content": "", "creation_timestamp": "2026-03-25T17:12:25.703663Z"}, {"uuid": "3edbcd71-7f7f-468f-8f81-2e0c2dd897fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48151", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmu6xo2nd72w", "content": "\ud83d\udfe0 CVE-2026-48151 - High (7.5)\n\nBudibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoi...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48151/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-27T19:00:57.853480Z"}, {"uuid": "782797e0-d82b-4bf1-917e-566f3f530a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48152", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmu6zccumf2t", "content": "\ud83d\udfe0 CVE-2026-48152 - High (8.1)\n\nBudibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48152/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-27T19:01:52.704159Z"}, {"uuid": "6016099d-a5f5-44dd-b98c-4877f6615368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48153", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmu6zk2b2p2w", "content": "\ud83d\udfe0 CVE-2026-48153 - High (8.5)\n\nBudibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48153/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-27T19:02:00.807109Z"}, {"uuid": "863de294-d623-49e3-851e-660588a3e24c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48151", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmu7tb6enp2i", "content": "CVE-2026-48151 - Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema\nCVE ID : CVE-2026-48151\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platfor...", "creation_timestamp": "2026-05-27T19:16:22.884879Z"}, {"uuid": "3f897a48-b2a6-481d-98aa-53d668026cf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48150", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmubhvu6d72c", "content": "CVE-2026-48150 - Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign\nCVE ID : CVE-2026-48150\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.39.0, /api/pu...", "creation_timestamp": "2026-05-27T19:45:49.346964Z"}, {"uuid": "e667063c-d0a1-4530-a52b-3da9980e331f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48153", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmucdcb5kf2p", "content": "CVE-2026-48153 - Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata\nCVE ID : CVE-2026-48153\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in...", "creation_timestamp": "2026-05-27T20:01:08.329369Z"}, {"uuid": "5b334811-9c8b-456e-813c-57db8e78b550", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48152", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmucmavj2g2i", "content": "CVE-2026-48152 - Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL\nCVE ID : CVE-2026-48152\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.39.0...", "creation_timestamp": "2026-05-27T20:06:08.893382Z"}, {"uuid": "be3899d9-c7ec-4a21-bf42-216c84edbfb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48155", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwk6k2inb2p", "content": "CVE-2026-48155 - pypdf: Possible large memory usage for large offsets for layout mode text\nCVE ID : CVE-2026-48155\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who...", "creation_timestamp": "2026-05-28T17:26:57.817533Z"}, {"uuid": "e4a04e74-04b8-40d0-9326-06f325734af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48156", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwkejpygx2o", "content": "CVE-2026-48156 - pypdf: Possible long runtimes for zero-only width values in cross-reference streams\nCVE ID : CVE-2026-48156\n \n Published : May 28, 2026, 4:16 p.m. | 15\u00a0minutes ago\n \n Description : pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an at...", "creation_timestamp": "2026-05-28T17:30:19.178549Z"}]}