219 matches found
CVE-2026-45553
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
CVE-2026-45554
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...
CVE-2026-45553
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
CVE-2026-45554
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...
EUVD-2026-33965
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...
CVE-2026-45554 NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...
CVE-2026-45554 NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...
CVE-2026-45554
NiceGUI is a Python UI framework. Before version 3.12.0, two FastAPI routes serving per-component static assets accept a sub-path that can resolve to a directory, causing an unhandled RuntimeError inside Starletteβs FileResponse. Uvicorn logs the full traceback, and since these routes require no ...
CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
CVE-2026-45553
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
EUVD-2026-33963
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...
Allocation of Resources Without Limits or Throttling
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the FileResponse method. An unauthenticated attacker can exhaust disk space, saturate log pipelines, or...
GHSA-JFRM-RX66-G536 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
Summary ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard Docutils directives include, csv-table with :file:, raw wi...
NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
Summary ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard Docutils directives include, csv-table with :file:, raw wi...
External Control of File Name or Path
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to External Control of File Name or Path via the preparecontent function. An attacker can access sensitive local files readable by the server by supplying specially...
PT-2026-41779
Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 3.12.0 Description Two FastAPI routes used for serving per-component static assets accept a sub-path parameter that can resolve to a directory instead of a file. When a request resolves to a directory, it triggers an...
Malicious Package
Overview nicegui is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection between those...
PT-2026-41235
Name of the Vulnerable Software and Affected Versions NiceGUI affected versions not specified Description The ui.restructured text function renders reStructuredText server-side using Docutils without disabling file insertion directives. When attacker-controlled content is passed to this function,...
π NiceGUI 3.6.1 Path Traversal
NiceGUI version 3.6.1 suffers from a path traversal vulnerability. Exploit Title: NiceGUI 3.6.1 - Path Traversal Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: NiceGUI = 3.6.1 Python 3.8β3.12 on Linux/Windows CVE:...
NiceGUI 3.6.1 - Path Traversal
Exploit Title: NiceGUI 3.6.1 - Path Traversal Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: NiceGUI = 3.6.1 Python 3.8β3.12 on Linux/Windows CVE: CVE-2026-25732 Affected Versions: = 3.6.1 fixed in 3.7.0 Type: Remote...