CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

CVE-2026-55413

ToolJet prior to 3.20.178-lts allows any authenticated builder-role user to overwrite a globally-shared marketplace plugin with arbitrary JavaScript, which executes server-side with full Node.js access (require, process). The malicious code runs when any user queries that plugin, enabling instanc...

9.4CVSS6.1AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by