Summary
Budibase has an Account Impersonation Issue — Chat Identity Link Hijacking via Missing Consent & CSRF
References
Related vulnerabilities
- HIGH GHSA-PWX3-QCGW-VH7H: Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
- MEDIUM GHSA-G9FX-5R4H-PCW3: motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
- MEDIUM GHSA-4MVW-J8R9-XCGC: OpenCTI May Bypass Introspection Restriction
- HIGH GHSA-V3F4-W7R7-V3HM: Uni-CLI: Legacy HTTP MCP transport accepted browser-originated localhost requests
- MEDIUM GHSA-MXJX-28VX-XJJJ: Network-AI: ApprovalInbox HTTP server has no authentication — anyone can approve pending agent actions
- HIGH GHSA-5CJ2-3JR2-5H77: OpenClaw: Shell positional parameters could weaken strict inline-eval checks