
18 matches found

RedhatCVE
added 2026/04/07 5:3 p.m. | 2 views

CVE-2026-34841

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran...

9.8 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0 | References 1
NVD
added 2026/04/06 5:17 p.m. | 3 views

CVE-2026-34841

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran...

9.8 CVSS | 0.00029 EPSS
Exploits 0 | References 4
EUVD
added 2026/04/06 4:8 p.m. | 1 views

EUVD-2026-19354

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran...

9.8 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0 | References 5
CVE
added 2026/04/06 4:8 p.m. | 19 views

CVE-2026-34841

Bruno (open source IDE for APIs) was affected by a supply-chain incident prior to version 3.2.1 involving compromised axios releases that introduced a hidden dependency deploying a cross‑platform Remote Access Trojan (RAT). The affected window was npm install between 00:21 UTC and ~03:30 UTC on 3...

9.8 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2026/04/06 12:0 a.m. | 3 views

Bruno Security Vulnerability

Bruno is an open-source IDE developed by usebruno, designed for exploring and testing APIs. Versions of Bruno prior to 3.2.1 contained security vulnerabilities. These vulnerabilities were caused by a supply chain attack involving a tampered axios npm package, which could potentially deploy...

9.8 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-9431

Malicious code in bioql PyPI...

8.7 CVSS | 6.6 AI score | 0.0026 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/04/03 2:40 p.m. | 6 views

CVE-2025-30210

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content...

8.7 CVSS | 6.8 AI score | 0.0026 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/04/03 2:39 p.m. | 5 views

CVE-2025-30354

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This...

8.7 CVSS | 7 AI score | 0.00209 EPSS
Exploits 1 | References 1
NVD
added 2025/04/01 3:16 p.m. | 4 views

CVE-2025-30210

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content...

8.7 CVSS | 0.0026 EPSS
Exploits 1 | References 1
Cvelist
added 2025/04/01 2:21 p.m. | 19 views

CVE-2025-30354 Bruno ignores Safe-Mode in Asserts expressions

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This...

8.7 CVSS | 0.00209 EPSS
Exploits 1 | References 1
CVE
added 2025/04/01 2:21 p.m. | 79 views

CVE-2025-30354

Summary: CVE-2025-30354 affects Bruno, an open source API IDE. A bug in the assertion runtime can cause expressions to run in Developer Mode, causing sandbox settings to be ignored when a single request is executed, specifically when importing collections from untrusted or malicious sources. It r...

8.7 CVSS | 6.9 AI score | 0.00209 EPSS
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2025/04/01 2:21 p.m. | 5 views

CVE-2025-30354 Bruno ignores Safe-Mode in Asserts expressions

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This...

8.7 CVSS | 6.9 AI score | 0.00209 EPSS
Exploits 1 | References 1
Cvelist
added 2025/04/01 2:16 p.m. | 10 views

CVE-2025-30210 Bruno XSS On Environment Name

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content...

8.7 CVSS | 0.0026 EPSS
Exploits 1 | References 1
CVE
added 2025/04/01 2:16 p.m. | 85 views

CVE-2025-30210

CVE-2025-30210 affects Bruno (open source IDE for APIs). Prior to version 1.39.1, Bruno’s custom tooltip components used react-tooltip to render environment names as raw HTML, allowing injection of inline scripts into the DOM when a user hovers the environment name. The attack surface is limited ...

8.7 CVSS | 6.7 AI score | 0.0026 EPSS
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2025/04/01 2:16 p.m. | 4 views

CVE-2025-30210 Bruno XSS On Environment Name

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content...

8.7 CVSS | 6.7 AI score | 0.0026 EPSS
Exploits 1 | References 1
Positive Technologies
added 2025/04/01 12:0 a.m. | 3 views

PT-2025-14117 · Bruno · Bruno

Name of the Vulnerable Software and Affected Versions: Bruno versions prior to 1.39.1 Description: A bug in the assertion runtime of Bruno, an open source IDE for exploring and testing APIs, caused assert expressions to run in Developer Mode even when Safe Mode was selected. This resulted in the...

8.7 CVSS | 6.4 AI score | 0.00209 EPSS
Exploits 1 | References 4
Packet Storm
added 2025/01/16 12:0 a.m. | 194 views

Bruno IDE Desktop Command Injection

A command injection vulnerability in the function shell.openExternal of Bruno IDE Desktop prior to version 1.29.0 allows attackers to execute arbitrary commands by supplying a crafted URL, leading to potential remote code execution. ===== Tempest Security Intelligence - ADV-10/2024...

6.5 CVSS | 7.3 AI score | 0.00204 EPSS
Exploits 3
0day.today
added 2025/01/16 12:0 a.m. | 160 views

Bruno IDE Desktop Command Injection Vulnerability

Bruno IDE Desktop prior to 1.29.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed Description Timeline of Disclosure Thanks & Acknowledgements References =====...

6.5 CVSS | 7.1 AI score | 0.00204 EPSS
Exploits 3