6 matches found

CNNVD
added 2026/05/13 12:0 a.m., 10 views

Hoppscotch access control error vulnerability

Hoppscotch is an open-source API development ecosystem created by Hoppscotch. Versions of Hoppscotch from 2026.2.0 to 2026.4.0 contained an access control vulnerability. This vulnerability stemmed from the GET /v1/onboarding/config endpoint, which still exposed all infrastructure secrets in plain...

7.5 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/02 7:21 p.m., 3 views

CVE-2026-34931 hoppscotch: Improper loopback redirect_uri validation in device-login flow

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account. This issue has been patched in version 2026.3.0...

8.5 CVSS | 5.8 AI score | 0.00373 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2026/02/26 10:36 p.m., 2 views

CVE-2026-28216

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuards(GqlAuthGuard) but is missing the @GqlUser...

8.3 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/01/09 8:41 a.m., 9 views

CVE-2022-0121

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch. This issue affects hoppscotch/hoppscotch before 2.1.1...

8 CVSS | 7.9 AI score | 0.01199 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 8:8 a.m., 8 views

CVE-2024-27092

Hoppscotch is an API development ecosystem. Due to a lack of validation for fields such as Label Edit Team - TeamName, bad actors can send emails with spoofed content as Hoppscotch. The external-link part of the payload is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This iss...

5.4 CVSS | 6.7 AI score | 0.00608 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2023/06/05 8:2 p.m., 10 views

CVE-2023-34097 Database password exposed in logs in hoppscotch

hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are...

7.8 CVSS | 8.7 AI score | 0.0068 EPSS
Exploits: 1 | References: 2