Infoflowcloud

🚨*CVE* CVE-2026-50136 Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs u… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-50136 Bud… infoflow.cloud`

🚨*CVE* CVE-2026-50132 Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public endpoint (no auth required) that performs a … cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-50132 Bud… infoflow.cloud`

🚨*CVE* CVE-2024-23581 The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software or an unrecognized application. cve.org/CVERecord?id=C… ----- Traducción: CVE-2024-23581 Las bibliotecas de HCL Traveler para Mi… infoflow.cloud`

🚨*CVE* CVE-2026-50137 Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id (app_...) and an S3-source datasource i… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-50137 Bud… infoflow.cloud`

🚨*CVE* CVE-2026-54353 Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebind… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-54353 Bud… infoflow.cloud`

🚨*CVE* CVE-2026-54350 Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB,… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-54350 Bud… infoflow.cloud`

🚨*CVE* CVE-2026-55069 Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS … cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-55069 Kes… infoflow.cloud`

🚨*CVE* CVE-2026-54351 Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body i… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-54351 Bud… infoflow.cloud`

🚨*CVE* CVE-2026-53577 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{exe… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-53577 Kes… infoflow.cloud`

🚨*CVE* CVE-2026-53576 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats a… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-53576 Kes… infoflow.cloud`

🚨*CVE* CVE-2026-49984 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. tra… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-49984 Kes… infoflow.cloud`

🚨*CVE* CVE-2026-45807 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pas… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-45807 Kes… infoflow.cloud`

🚨*CVE* CVE-2026-49869 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("/config… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-49869 Kes… infoflow.cloud`

🚨*CVE* CVE-2026-48743 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream … cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-48743 Env… infoflow.cloud`

🚨*CVE* CVE-2026-47204 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.g… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-47204 Env… infoflow.cloud`

🚨*CVE* CVE-2026-47221 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contai… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-47221 Env… infoflow.cloud`

🚨*CVE* CVE-2026-47207 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-47207 Env… infoflow.cloud`

🚨*CVE* CVE-2026-48706 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists i… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-48706 Env… infoflow.cloud`

🚨*CVE* CVE-2026-47692 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-47692 Env… infoflow.cloud`

🚨*CVE* CVE-2026-47220 Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is u… cve.org/CVERecord?id=C… ----- Traducción: CVE-2026-47220 Env… infoflow.cloud`