22 matches found
EUVD-2024-39424
Malicious code in bioql PyPI...
EUVD-2025-14198
Malicious code in bioql PyPI...
Malicious code in retool-security-install-qa (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41601 Malicious code in retool-security-install-qa (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-42056
Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...
CVE-2025-47424
Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...
CVE-2025-47424
Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...
CVE-2025-47424
Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...
PT-2025-20603 · Retool · Retool
Name of the Vulnerable Software and Affected Versions: Retool self-hosted versions prior to 3.196.0 Description: The issue allows for Host header injection when the BASE DOMAIN environment variable is not set, enabling manipulation of the HTTP host header. Recommendations: For versions prior to...
CVE-2025-47424
CVE-2025-47424 affects Retool (self-hosted) prior to 3.196.0. The underlying issue is a Host header injection when BASE_DOMAIN is not set, allowing manipulation of the HTTP Host header. The vulnerability is described with a potential impact on confidentiality/integrity (per the CVSS metrics) and ...
CVE-2025-47424
Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...
Retool 安全漏洞
Retool is a platform from Retool, Inc. Any content can be developed using the code, design, debug, review, and deploy features. A security vulnerability exists in Retool versions prior to 3.196.0 that stems from host header injection allowed when the BASEDOMAIN environment variable is not set...
Malicious code in retool-quickopen-extension (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 042613c8964cff510d8e7c399f8af5d2d64e787d61c331e0e3104ff349147412 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-42056
Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...
CVE-2024-42056
Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...
CVE-2024-42056
Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...
CVE-2024-42056
Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...
Retool 安全漏洞
Retool is a platform from Retool, Inc. It is possible to develop any content using the code, design, debug, review and deploy features. A security vulnerability exists in Retool version 3.40.0 and prior versions that stems from resource authentication credentials being inserted into sent data...
CVE-2024-42056
Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...
CVE-2024-42056
Retool (self-hosted Enterprise) is affected through versions 3.18.1–3.40.0. The issue arises from inserting resource authentication credentials into sent data, enabling an authenticated attacker with low-privilege permissions (Use) to discover credentials via the /api/resources endpoint. Impact i...