3 matches found
CVE-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...
PT-2026-2293
Name of the Vulnerable Software and Affected Versions TinyWeb versions prior to 1.98 Description TinyWeb is a web server for Win32. Versions of TinyWeb HTTP Server before 1.98 contain a flaw that allows for operating system command injection. This occurs through CGI ISINDEX-style query parameters...
Espruino Null Pointer Dereference Vulnerability
Espruino is a JavaScript interpreter for use in microcontrollers. A security vulnerability exists in Espruino versions prior to 1.98. An attacker could cause a denial of service null pointer backreference and application crash by exploiting this vulnerability with the help of specially crafted...