42 matches found
Caido-Plugin
Github • Documentation  ...
CVE-2026-24853
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853
CVE-2026-24853 affects Caido before version 0.55.0. The issue allows bypassing domain-based access controls on the 8080 port by injecting an X-Forwarded-Host header (127.0.0.1:8080). Multiple sources confirm the vulnerability exists in Caido up to 0.54.x and was fixed in 0.55.0. Impact details in...
CVE-2026-24853
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
CVE-2026-24853 Caido has an insufficient patch for DNS rebind leading to RCE
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This...
Caido 安全漏洞
Caido is an open-source application developed by Caido. It aims to help security professionals and enthusiasts efficiently and easily audit web applications. Versions of Caido prior to 0.55.0 contained a security vulnerability that allowed bypassing connection restrictions for domains not on the...
PT-2026-8042
Name of the Vulnerable Software and Affected Versions Caido versions prior to 0.55.0 Description Caido is a web security auditing toolkit. Before version 0.55.0, the software blocked connections from non-whitelisted domains attempting to reach the 8080 port, displaying a message indicating the...
CVE-2025-23039
Caido is a web security auditing toolkit. A Cross-Site Scripting XSS vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...
CVE-2025-66025
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...
CVE-2025-66025
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...
CVE-2025-66025 Caido Improperly Handles External Links in Markdown
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...
CVE-2025-66025 Caido Improperly Handles External Links in Markdown
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...
EUVD-2025-199691
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...
CVE-2025-66025 Caido Improperly Handles External Links in Markdown
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...
CVE-2025-66025
Caido: Prior to 0.53.0, its Findings page Markdown renderer mishandled user-supplied Markdown, allowing attacker-controlled links to render without confirmation. When a user opened a finding from the scanner or plugins, clicking injected links could redirect the Caido application to attacker-cont...
PT-2025-48125
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or...
Caido 注入漏洞
Caido is an application from Caido open source. Designed to help security professionals and enthusiasts audit web applications efficiently and easily. An injection vulnerability exists in versions prior to Caido 0.53.0 that stems from mishandling of the Markdown renderer, which could result in an...