Lucene search
K

22 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-39424

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00212EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14198

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00134EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/28 7:38 a.m.3 views

Malicious code in retool-security-install-qa (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/08/28 7:38 a.m.3 views

MAL-2025-41601 Malicious code in retool-security-install-qa (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:24 a.m.9 views

CVE-2024-42056

Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...

6.5CVSS6.6AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/11 12:15 a.m.21 views

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

7.1CVSS7.3AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2025/05/09 11:15 p.m.18 views

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

7.1CVSS0.00134EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/09 12:0 a.m.9 views

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

7.1CVSS7.2AI score0.00134EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/09 12:0 a.m.6 views

PT-2025-20603 · Retool · Retool

Name of the Vulnerable Software and Affected Versions: Retool self-hosted versions prior to 3.196.0 Description: The issue allows for Host header injection when the BASE DOMAIN environment variable is not set, enabling manipulation of the HTTP host header. Recommendations: For versions prior to...

7.1CVSS6.8AI score0.00134EPSS
Exploits0References8
CVE
CVE
added 2025/05/09 12:0 a.m.65 views

CVE-2025-47424

CVE-2025-47424 affects Retool (self-hosted) prior to 3.196.0. The underlying issue is a Host header injection when BASE_DOMAIN is not set, allowing manipulation of the HTTP Host header. The vulnerability is described with a potential impact on confidentiality/integrity (per the CVSS metrics) and ...

7.1CVSS7AI score0.00134EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/09 12:0 a.m.24 views

CVE-2025-47424

Retool self-hosted before 3.196.0 allows Host header injection. When the BASEDOMAIN environment variable is not set, the HTTP host header can be manipulated...

7.1CVSS0.00134EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/09 12:0 a.m.5 views

Retool 安全漏洞

Retool is a platform from Retool, Inc. Any content can be developed using the code, design, debug, review, and deploy features. A security vulnerability exists in Retool versions prior to 3.196.0 that stems from host header injection allowed when the BASEDOMAIN environment variable is not set...

7.1CVSS7AI score0.00134EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/11 9:54 p.m.2 views

Malicious code in retool-quickopen-extension (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 042613c8964cff510d8e7c399f8af5d2d64e787d61c331e0e3104ff349147412 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2024/08/22 1:15 a.m.4 views

CVE-2024-42056

Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...

6.5CVSS5.8AI score0.00212EPSS
Exploits0References2
NVD
NVD
added 2024/08/22 1:15 a.m.18 views

CVE-2024-42056

Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...

6.5CVSS0.00212EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/22 1:15 a.m.3 views

CVE-2024-42056

Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...

6.5CVSS5.8AI score0.00212EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/22 12:0 a.m.18 views

CVE-2024-42056

Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...

7.1AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.4 views

Retool 安全漏洞

Retool is a platform from Retool, Inc. It is possible to develop any content using the code, design, debug, review and deploy features. A security vulnerability exists in Retool version 3.40.0 and prior versions that stems from resource authentication credentials being inserted into sent data...

6.5CVSS6.9AI score0.00212EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/22 12:0 a.m.32 views

CVE-2024-42056

Retool self-hosted enterprise through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered by an authenticated attacker via the /api/resources endpoint. The earliest affected version is 3.18.1...

0.00212EPSS
Exploits0References2
CVE
CVE
added 2024/08/22 12:0 a.m.95 views

CVE-2024-42056

Retool (self-hosted Enterprise) is affected through versions 3.18.1–3.40.0. The issue arises from inserting resource authentication credentials into sent data, enabling an authenticated attacker with low-privilege permissions (Use) to discover credentials via the /api/resources endpoint. Impact i...

6.5CVSS7.3AI score0.00212EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder