Lucene search
K

90 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-54344

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS0.00171EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42299

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS6.1AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 6 days ago7 views

CVE-2026-54344

CVE-2026-54344 affects ToolJet prior to version 3.20.180. The render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, enabling any GitHub user who can comment on an open PR with a deploy command to execute shell commands on the CI ...

4.7CVSS6.1AI score0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-54344 ToolJet GitHub Actions comment body shell injection exposes deployment secrets

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 5:16 p.m.13 views

CVE-2026-55411

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS0.00126EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 4:8 p.m.8 views

CVE-2026-55411

ToolJet prior to 3.20.1780-lts exposes a cross-tenant confidentiality flaw: authenticated users can decrypt any organization’s data-source secret via POST /api/data-sources/decrypt by supplying a credential_id, because the handler bypasses ValidateDataSourceGuard and ignores organization scoping ...

6.8CVSS5.9AI score0.00126EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:8 p.m.4 views

EUVD-2026-39470

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS5.9AI score0.00126EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:7 p.m.13 views

CVE-2026-55412

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:7 p.m.29 views

CVE-2026-55412 ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 4:7 p.m.16 views

CVE-2026-55412

ToolJet (open-source platform) Vulnerability: SSRF in the RestAPI data source component allows authenticated users to induce server-side HTTP requests that bypass its private IP filter via DNS trickery (169.254.169.254.nip.io), potentially stealing Azure managed identity tokens for the AKS produc...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:7 p.m.5 views

EUVD-2026-39469

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS5.9AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 4:7 p.m.3 views

CVE-2026-55412 ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3CVSS6AI score0.00193EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 4:3 p.m.32 views

CVE-2026-55413 ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 4:3 p.m.5 views

EUVD-2026-39467

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS6.1AI score0.00256EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:3 p.m.11 views

CVE-2026-55413

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS6.1AI score0.00256EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 4:3 p.m.24 views

CVE-2026-55413

ToolJet prior to 3.20.178-lts allows any authenticated builder-role user to overwrite a globally-shared marketplace plugin with arbitrary JavaScript, which executes server-side with full Node.js access (require, process). The malicious code runs when any user queries that plugin, enabling instanc...

9.4CVSS6.1AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 4:3 p.m.3 views

CVE-2026-55413 ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS6.1AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-34878

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00958EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-32464

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.01036EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-32465

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00475EPSS
Exploits1References2
Rows per page
Query Builder