17 matches found

Vulnrichment
added 2026/02/24 5:0 p.m., 1 view

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

CVSS 6.1 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 2

vulnersOsv
added 2026/01/08 8:27 p.m., 3 views

acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +224 more potentially affected by CVE-2026-21874 via nicegui (>=2.11.0 <=3.3.1)

nicegui PYPI version =2.11.0, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2026-21874 Source advisory: OSV:GHSA-MP55-G7PJ-RVM2...

CVSS 5.3 | AI score 5.8 | EPSS 0.00029
Exploits: 1

vulnersOsv
added 2026/01/08 8:16 p.m., 1 view

acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +223 more potentially affected by CVE-2026-21873 via nicegui (>=2.22.2 <=3.3.1)

nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2026-21873 Source advisory: SNYK:PYTHON-NICEGUI-14912444...

CVSS 7.2 | AI score 5.8 | EPSS 0.0002
Exploits: 1

vulnersOsv
added 2026/01/08 8:8 p.m., 1 view

acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +223 more potentially affected by CVE-2026-21872 via nicegui (>=2.22.2 <=3.3.1)

nicegui PYPI version =2.22.2, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2026-21872 Source advisory: OSV:GHSA-M7J5-RQ9J-6JJ9...

CVSS 6.1 | AI score 5.8 | EPSS 0.0002
Exploits: 1

vulnersOsv
added 2026/01/08 8:0 p.m., 1 view

acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +223 more potentially affected by CVE-2026-21871 via nicegui (>=2.16.1 <=3.3.1)

nicegui PYPI version =2.16.1, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2026-21871 Source advisory: SNYK:PYTHON-NICEGUI-14912442...

CVSS 6.1 | AI score 5.8 | EPSS 0.00021
Exploits: 1

CNNVD
added 2026/01/08 12:0 a.m., 1 view

NiceGUI Security Vulnerability

NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. NiceGUI versions v2.10.0 through 3.4.1 contain a security vulnerability that allows an unauthenticated attacker to exhaust Redis connections, potentially resulting in service degradation...

CVSS 5.3 | AI score 6.6 | EPSS 0.00029
Exploits: 1 | References: 4

Veracode
added 2025/12/13 7:37 a.m., 2 views

Directory Traversal

NiceGUI is vulnerable to Directory Traversal. The vulnerability is due to improper validation in the App.add_media_files function, which allows an attacker to access and read arbitrary files from the server filesystem...

CVSS 7.5 | AI score 5.9 | EPSS 0.00755
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2025/12/09 10:16 p.m., 1 view

CVE-2025-66645

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

CVSS 7.5 | EPSS 0.00755
Exploits: 1 | References: 2

OSV
added 2025/12/09 9:41 p.m., 1 view

CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...

CVSS 7.5 | AI score 6.8 | EPSS 0.00755
Exploits: 1 | References: 4

vulnersOsv
added 2025/12/09 2:25 p.m., 0 views

acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +237 more potentially affected by CVE-2025-66645 via nicegui (>=0.9.11 <=3.3.1)

nicegui PYPI version =0.9.11, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2025-66645 Source advisory: OSV:GHSA-HXP3-63HC-5366...

CVSS 7.5 | AI score 5.8 | EPSS 0.00755
Exploits: 1

vulnersOsv
added 2025/12/09 2:25 p.m., 1 view

acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +186 more potentially affected by CVE-2025-66645 via nicegui (>=3.0.4 <=3.3.1)

nicegui PYPI version =3.0.4, =0.2.0, =1.0.0, =0.4.0, =0.1.0, =0.2.200, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 - boaboard =0.1.0 and more Source cves: CVE-2025-66645 Source advisory: SNYK:PYTHON-NICEGUI-14236612...

CVSS 7.5 | AI score 5.8 | EPSS 0.00755
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-1257

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 8 | EPSS 0.00116
Exploits: 0 | References: 5

vulnersOsv
added 2025/10/03 7:19 p.m., 1 view

ai-plays-jackbox (>=0.0.1 <=0.3.2), air-link (>=0.0.0 <=0.5.0) +70 more potentially affected by CVE-2025-53354 via nicegui (>=0.9.11 <=2.8.1)

nicegui PYPI version =0.9.11, =0.0.1, =0.0.0, =0.1.0, =1.1.3, =0.3.0, =0.0.1, =0.6.7, =1.0.0, =1.2.0, =0.10.0, =0.11.1 and more Source cves: CVE-2025-53354 Source advisory: OSV:GHSA-8C95-HPQ2-W46F...

CVSS 6.1 | AI score 5.8 | EPSS 0.00025
Exploits: 0

RedhatCVE
added 2025/02/05 6:58 a.m., 5 views

CVE-2024-32005

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceGUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

CVSS 8.2 | AI score 7.9 | EPSS 0.00116
Exploits: 0 | References: 1

NVD
added 2025/01/06 5:15 p.m., 8 views

CVE-2025-21618

NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...

CVSS 7.5 | EPSS 0.00172
Exploits: 0 | References: 2

Cvelist
added 2025/01/06 4:30 p.m., 11 views

CVE-2025-21618 NiceGUI On Air authentication issue

NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...

CVSS 7.5 | EPSS 0.00172
Exploits: 0 | References: 2

OSV
added 2025/01/06 4:30 p.m., 3 views

CVE-2025-21618 NiceGUI On Air authentication issue

NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...

CVSS 7.5 | AI score 6.5 | EPSS 0.00172
Exploits: 0 | References: 4