CVE-2025-30210
Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components, which internally use react-tooltip, set their content (in this case the Environment name) as raw HTML, which is then injected into the DOM on hover. This, combined with loose Content...
CVE-2025-30354
Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode even if Safe Mode was selected. The bug resulted in the sandbox settings being ignored in the particular case where a single request is run/sent. This...
PT-2025-14115 · Unknown +1 · React-Tooltip +1
Name of the Vulnerable Software and Affected Versions: Bruno versions prior to 1.39.1. Description: The issue arises from custom tool-tip components using react-tooltip, which set content as raw HTML and inject it into the DOM on hover. This, combined with loose Content Security Policy restriction...
Upgraded Q -> 2 from #854 [1683053416481]
Judge has assessed an item in Issue 854 as 2 risk. The relevant finding follows: L-07 Malicious collection owner could steal all base tokens by updating royalty during calls 1 ---
SULU Sulu Cross-Site Scripting Vulnerability
SULU Sulu is an extensible, PHP-based open source content management system built on the Symfony framework, from Sulu (SULU, Austria). A cross-site scripting vulnerability exists in Sulu, which stems from the collection title not securely validating user input, and allows an attacker to enter a malicious...
Directory Traversal
ansible is vulnerable to directory traversal. When extracting a collection .tar.gz file, neither install nor the called extracttarfile performs any validation or sanitization of the filenames. This allows a malicious collection .tar.gz file to have its contents written to an arbitrary location on the file...