CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

CNNVD•added 2026/06/02 12:0 a.m.•3 views

NiceGUI 安全漏洞

NiceGUI is an easy-to-use, Python-based UI framework developed under the open source license. Versions of NiceGUI prior to 3.12.0 contained a security vulnerability. This vulnerability stemmed from two FastAPI routes that allowed subpath parameters to be resolved into directories, potentially...

5.3CVSS5.3AI score0.00343EPSS

Exploits0References2

vulnersOsv•added 2026/05/18 8:22 p.m.•2 views

ai-plays-jackbox (>=0.0.1 <=0.3.2), air-link (>=0.0.0 <=0.5.0) +74 more potentially affected by CVE-2026-45554 via nicegui (>=0.9.11 <=3.10.0)

nicegui PYPI version =0.9.11, =0.0.1, =0.0.0, =0.1.0, =1.1.3, =1.9.5, =0.3.0, =0.0.1, =0.6.7, =1.0.0, =1.2.0, =1.23.0 and more Source cves: CVE-2026-45554 Source advisory: OSV:GHSA-PQ7C-X8G4-RVP6...

5.3CVSS5.4AI score0.00343EPSS

Exploits0

vulnersOsv•added 2026/05/18 8:22 p.m.•5 views

crm-automator (>=1.9.5 <=1.11.5), ex4nicegui (=0.9.0) +3 more potentially affected by CVE-2026-45554 via nicegui (>=3.0.4 <=3.10.0)

nicegui PYPI version =3.0.4, =1.9.5, =1.0.0, =12.22.3, =12.22.5 Source cves: CVE-2026-45554 Source advisory: SNYK:PYTHON-NICEGUI-16757878...

5.3CVSS5.4AI score0.00343EPSS

Exploits0

vulnersOsv•added 2026/05/18 8:21 p.m.•5 views

ai-plays-jackbox (>=0.0.1 <=0.3.2), air-link (>=0.0.0 <=0.5.0) +74 more potentially affected by CVE-2026-45553 via nicegui (>=0.9.11 <=3.10.0)

nicegui PYPI version =0.9.11, =0.0.1, =0.0.0, =0.1.0, =1.1.3, =1.9.5, =0.3.0, =0.0.1, =0.6.7, =1.0.0, =1.2.0, =1.23.0 and more Source cves: CVE-2026-45553 Source advisory: OSV:GHSA-JFRM-RX66-G536...

7.5CVSS5.4AI score0.00255EPSS

Exploits0

vulnersOsv•added 2026/04/08 3:4 p.m.•1 views

ai-plays-jackbox (>=0.0.1 <=0.3.2), air-link (>=0.0.0 <=0.5.0) +71 more potentially affected by CVE-2026-39844 via nicegui (>=0.9.11 <=3.0.4)

nicegui PYPI version =0.9.11, =0.0.1, =0.0.0, =0.1.0, =1.1.3, =0.3.0, =0.0.1, =0.6.7, =1.0.0, =1.2.0, =0.10.0, =0.11.1 and more Source cves: CVE-2026-39844 Source advisory: OSV:GHSA-W8WV-VFPC-HW2W...

7.5CVSS5.4AI score0.00371EPSS

Exploits0

vulnersOsv•added 2026/03/19 6:48 p.m.•3 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +257 more potentially affected by CVE-2026-33332 via nicegui (>=0.9.11 <=3.8.0)

nicegui PYPI version =0.9.11, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.0.0, =0.4.14, =1.0.0, =0.1.0, =1.2.2 and more Source cves: CVE-2026-33332 Source advisory: OSV:GHSA-W5G8-5849-VJ76...

7.5CVSS5.4AI score0.00599EPSS

Exploits0

Vulnrichment•added 2026/02/24 5:0 p.m.•1 views

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements Element.runmethod, AgGrid.rungridmethod, EChart.runchartmethod, and others use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

6.1CVSS5.8AI score0.00163EPSS

Exploits0References2

vulnersOsv•added 2026/01/08 8:27 p.m.•8 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +243 more potentially affected by CVE-2026-21874 via nicegui (>=2.11.0 <=3.3.1)

nicegui PYPI version =2.11.0, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21874 Source advisory: OSV:GHSA-MP55-G7PJ-RVM2...

5.3CVSS5.4AI score0.0051EPSS

Exploits1

vulnersOsv•added 2026/01/08 8:16 p.m.•2 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +242 more potentially affected by CVE-2026-21873 via nicegui (>=2.22.2 <=3.3.1)

nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21873 Source advisory: SNYK:PYTHON-NICEGUI-14912444...

7.2CVSS5.4AI score0.00233EPSS

Exploits1

vulnersOsv•added 2026/01/08 8:8 p.m.•2 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +242 more potentially affected by CVE-2026-21872 via nicegui (>=2.22.2 <=3.3.1)

6.1CVSS5.4AI score0.00238EPSS

Exploits1

vulnersOsv•added 2026/01/08 8:0 p.m.•3 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +242 more potentially affected by CVE-2026-21871 via nicegui (>=2.16.1 <=3.3.1)

nicegui PYPI version =2.16.1, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21871 Source advisory: SNYK:PYTHON-NICEGUI-14912442...

6.1CVSS5.4AI score0.00243EPSS

Exploits1

CNNVD•added 2026/01/08 12:0 a.m.•2 views

NiceGUI 安全漏洞

NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. A security vulnerability exists in NiceGUI versions v2.10.0 through 3.4.1, which originates from an unauthenticated attacker who can exhaust Redis connections, potentially resulting in a service degradation...

5.3CVSS6.6AI score0.0051EPSS

Exploits1References4

Veracode•added 2025/12/13 7:37 a.m.•3 views

Directory Traversal

NiceGUI is vulnerable to Directory Traversal. The vulnerability is due to improper validation in the App.addmediafiles function, which allows an attacker to access and read arbitrary files from the server filesystem...

7.5CVSS5.9AI score0.00963EPSS

Exploits1References4Affected Software1

NVD•added 2025/12/09 10:16 p.m.•3 views

CVE-2025-66645

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

7.5CVSS0.00963EPSS

Exploits1References2

OSV•added 2025/12/09 9:41 p.m.•3 views

CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading

7.5CVSS6.8AI score0.00963EPSS

Exploits1References4

vulnersOsv•added 2025/12/09 2:25 p.m.•1 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +256 more potentially affected by CVE-2025-66645 via nicegui (>=0.9.11 <=3.3.1)

nicegui PYPI version =0.9.11, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2025-66645 Source advisory: OSV:GHSA-HXP3-63HC-5366...

7.5CVSS5.4AI score0.00963EPSS

Exploits1

vulnersOsv•added 2025/12/09 2:25 p.m.•2 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +205 more potentially affected by CVE-2025-66645 via nicegui (>=3.0.4 <=3.3.1)

nicegui PYPI version =3.0.4, =0.2.0, =1.0.0, =0.4.0, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2025-66645 Source advisory: SNYK:PYTHON-NICEGUI-14236612...

7.5CVSS5.4AI score0.00963EPSS

Exploits1

vulnersOsv•added 2025/12/08 9:30 p.m.•3 views

acherion (>=0.2.0 <=0.7.2), aesp (=2025.9.12) +256 more potentially affected by CVE-2025-66469 via nicegui (>=0.9.11 <=3.3.1)

6.1CVSS5.4AI score0.00224EPSS

Exploits1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-1257

Malicious code in bioql PyPI...

8.2CVSS8AI score0.0076EPSS

Exploits0References5

vulnersOsv•added 2025/10/03 7:19 p.m.•3 views

ai-plays-jackbox (>=0.0.1 <=0.3.2), air-link (>=0.0.0 <=0.5.0) +71 more potentially affected by CVE-2025-53354 via nicegui (>=0.9.11 <=2.8.1)

nicegui PYPI version =0.9.11, =0.0.1, =0.0.0, =0.1.0, =1.1.3, =0.3.0, =0.0.1, =0.6.7, =1.0.0, =1.2.0, =0.10.0, =0.11.1 and more Source cves: CVE-2025-53354 Source advisory: OSV:GHSA-8C95-HPQ2-W46F...

6.1CVSS5.4AI score0.00184EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by