6 matches found
EUVD-2025-199691
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...
Caido injection vulnerability
Caido is an open source application from Caido, designed to help security professionals and enthusiasts audit web applications efficiently and easily. An injection vulnerability exists in versions prior to Caido 0.53.0 that stems from mishandling of the Markdown renderer, which could result in an...
CVE-2025-49004 Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE
Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website load...
caido security vulnerability
caido is an open source application from Caido, designed to help security professionals and enthusiasts audit web applications efficiently and easily. A security vulnerability exists in versions prior to caido 0.48.0 that stems from a lack of DNS rebinding protection and could lead to remote...
CVE-2025-23039
Caido (web security auditing toolkit) contains a Cross-Site Scripting (XSS) vulnerability in v0.45.0 caused by improper sanitization in the URL decoding tooltip of HTTP request/response editors. This can allow arbitrary script execution and potential theft of sensitive information. The issue is f...
CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido
Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...