219 matches found
CVE-2025-21618
NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...
Improper Authentication
Overview: nicegui is a package to create web-based user interfaces with Python, the nice way. Affected versions of this package are vulnerable to Improper Authentication due to improper clearing of cookies through the handlehttp function of the air.py component. An attacker can gain unauthorized access to th...
ai-plays-jackbox (>=0.0.1 <=0.3.2), air-link (>=0.3.0 <=0.5.0) +54 more potentially affected by CVE-2025-21618 via nicegui (>=2.11.0 <=2.8.1)
nicegui PYPI version =2.11.0, =0.0.1, =0.3.0, =0.3.0, =0.0.1, =0.8.0, =0.10.0, =0.0.1, =0.0.3, =1.11.0, =0.13.24, =0.13.27 and more Source cves: CVE-2025-21618 Source advisory: SNYK:PYTHON-NICEGUI-8602522...
CVE-2025-21618 NiceGUI On Air authentication issue
NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...
CVE-2025-21618
CVE-2025-21618 (NiceGUI) affects NiceGUI (Python UI framework) prior to version 2.9.1. The root cause is improper handling of authentication cookies/session state, causing a login in one browser (including incognito) to persist across all other browsers on the same user account. Impact is unautho...
CVE-2025-21618 NiceGUI On Air authentication issue
NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...
CVE-2025-21618 NiceGUI On Air authentication issue
NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1...
PT-2025-4304 · Nicegui · Nicegui
Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 2.9.1 Description: The issue concerns a session management problem in NiceGUI, a Python-based UI framework. Before version 2.9.1, authenticating with NiceGUI would log the user into all browsers, including those in...
NiceGUI Authorization Issue Vulnerability
NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. An authorization issue vulnerability exists in NiceGUI versions prior to 2.9.1, which stems from the fact that authentication using NiceGUI can allow a user to log in on all browsers, including those in incognito mode...
Local File Inclusion (LFI)
nicegui is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of resource file requests under the /nicegui/version/resources/key/path:path route, allowing attackers with access to the NiceUI leaflet website to read any file on the backend filesystem accessible to th...
NiceGUI allows potential access to local file system
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
GHSA-MWC7-64WG-PGVJ NiceGUI allows potential access to local file system
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
CVE-2024-32005
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
CVE-2024-32005
CVE-2024-32005: Local File Inclusion in NiceGUI’s leaflet component allows reading any backend file accessible to the web server via requests to /_nicegui/{version}/resources/{key}/{path:path}. Affected upstream: NiceGUI before 1.4.21. Impact: arbitrary file read on the server. Remediation: upg...
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
NiceGUI Security Vulnerability
NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. A security vulnerability exists in NiceGUI versions prior to 1.4.21. An attacker exploiting this vulnerability can access any file on the backend file system...
PT-2024-24354 · Nicegui · Nicegui
Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 1.4.21 Description: A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result, any file on the backend...