Lucene search
K

150 matches found

RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.3 views

CVE-2026-5418

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 9:32 p.m.3 views

EUVD-2026-18518

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:30 p.m.1 views

CVE-2026-5418

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/02 6:30 p.m.15 views

CVE-2026-5418

The CVE affects appsmith.org Appsmith Dashboard up to version 1.97, specifically the computeDisallowedHosts function in WebClientUtils.java. The issue enables server-side request forgery (SSRF) and may be exploitable remotely; an exploit is publicly available. Mitigation provided in the sources i...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/02 6:30 p.m.26 views

CVE-2026-5418 appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS0.00303EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Appsmith 代码问题漏洞

Appsmith is an open-source platform developed by Appsmith for building, deploying, and maintaining internal applications. Versions of Appsmith 1.97 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations in the computeDisallowedHosts function of the...

7.5CVSS7.2AI score0.00303EPSS
Exploits0References5
OSV
OSV
added 2026/04/01 8:35 a.m.6 views

BIT-APPSMITH-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/03/31 2:2 a.m.48 views

Exploit for CVE-2026-7299

CVE-2026-7299 - Appsmith 1.98 Stored XSS SQL Autocomplete inn...

6.3CVSS5.9AI score0.00341EPSS
Exploits2
EUVD
EUVD
added 2026/03/27 6:31 p.m.6 views

EUVD-2026-16721

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/27 4:24 p.m.4 views

CVE-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/27 4:24 p.m.20 views

CVE-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS0.00387EPSS
Exploits1References2
CVE
CVE
added 2026/03/27 4:24 p.m.11 views

CVE-2026-34411

Affected product: Appsmith prior to version 1.98. Root cause: unauthenticated access to instance management API endpoints (/api/v1/consolidated-api/view, /api/v1/tenants/current) that exposes configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains. Impact: ...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.12 views

Appsmith 访问控制错误漏洞

Appsmith is an open-source platform developed by Appsmith itself, used for building, deploying, and maintaining internal applications. Prior to Appsmith 1.98, there was a security vulnerability related to access control. This vulnerability stemmed from unvalidated instance management API endpoint...

6.9CVSS5.8AI score0.00387EPSS
Exploits1References2
OSV
OSV
added 2026/03/12 8:36 a.m.6 views

BIT-APPSMITH-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...

9CVSS5.8AI score0.00308EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

Appsmith 安全漏洞

Appsmith is an open-source platform developed by Appsmith itself, used for building, deploying, and maintaining internal applications. Prior to version 1.96, there were security vulnerabilities in Appsmith. These vulnerabilities stemmed from the lack of HTML cleaning in the Table Widget rendering...

9CVSS5.7AI score0.00308EPSS
Exploits2References2
OSV
OSV
added 2026/03/09 10:26 p.m.5 views

CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...

9CVSS5.8AI score0.00308EPSS
Exploits2References3
GithubExploit
GithubExploit
added 2026/03/09 1:24 p.m.151 views

Exploit for CVE-2026-30862

CVE-2026-30...

5.8AI score0.00308EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.158 views

📄 Appsmith 1.92 Origin Header Injection

A critical vulnerability in Appsmith version 1.92 allows an unauthenticated attacker to manipulate the Origin HTTP header during the password reset process. Due to improper trust in client‑supplied headers, Appsmith constructs password reset links based on the injected origin. This enables an...

9.6CVSS5.7AI score0.00393EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/01/23 3:10 p.m.178 views

Exploit for Origin Validation Error in Appsmith

CVE-2026-22794 - Appsmith Origin Header Injection !Python V...

9.6CVSS5.9AI score0.00393EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/01/23 6:19 a.m.14 views

CVE-2026-24042

Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticated users to execute unpublished edit-mode actions by sending viewMode=false or omitting it to POST /api/v1/actions/execute. This bypasses the...

9.8CVSS5.9AI score0.00579EPSS
Exploits0References1
Rows per page
Query Builder