84 matches found

NVD
added 6 hours ago, 6 views

CVE-2026-55411

ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credential_id is supplied in th...

6.8 CVSS
Exploits: 0, References: 1
CVE
added 7 hours ago, 5 views

CVE-2026-55411

ToolJet prior to 3.20.1780-lts exposes a cross-tenant confidentiality flaw: authenticated users can decrypt any organization’s data-source secret via POST /api/data-sources/decrypt by supplying a credential_id, because the handler bypasses ValidateDataSourceGuard and ignores organization scoping ...

6.8 CVSS, 5.9 AI score
Exploits: 0, References: 1
EUVD
added 7 hours ago, 4 views

EUVD-2026-39470

ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credential_id is supplied in th...

6.8 CVSS, 5.9 AI score
Exploits: 0, References: 1
Cvelist
added 7 hours ago, 5 views

CVE-2026-55412 ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise

ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3 CVSS
Exploits: 0, References: 1
ATTACKERKB
added 7 hours ago, 2 views

CVE-2026-55412

ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3 CVSS, 5.9 AI score
Exploits: 0, References: 2, Affected Software: 1
CVE
added 7 hours ago, 4 views

CVE-2026-55412

ToolJet (open-source platform) Vulnerability: SSRF in the RestAPI data source component allows authenticated users to induce server-side HTTP requests that bypass its private IP filter via DNS trickery (169.254.169.254.nip.io), potentially stealing Azure managed identity tokens for the AKS produc...

8.3 CVSS, 5.9 AI score
Exploits: 0, References: 1
EUVD
added 7 hours ago, 5 views

EUVD-2026-39469

ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

8.3 CVSS, 5.9 AI score
Exploits: 0, References: 1
ATTACKERKB
added 7 hours ago, 3 views

CVE-2026-55413

ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4 CVSS, 6.1 AI score
Exploits: 0, References: 2, Affected Software: 1
CVE
added 7 hours ago, 4 views

CVE-2026-55413

ToolJet prior to 3.20.178-lts allows any authenticated builder-role user to overwrite a globally-shared marketplace plugin with arbitrary JavaScript, which executes server-side with full Node.js access (require, process). The malicious code runs when any user queries that plugin, enabling instanc...

9.4 CVSS, 6.1 AI score
Exploits: 0, References: 1
Cvelist
added 7 hours ago, 5 views

CVE-2026-55413 ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4 CVSS
Exploits: 0, References: 1
EUVD
added 7 hours ago, 3 views

EUVD-2026-39467

ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4 CVSS, 6.1 AI score
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-32464

Malicious code in bioql PyPI...

7.5 CVSS, 8.1 AI score, 0.01063 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:07 p.m., 15 views

EUVD-2022-32465

Malicious code in bioql PyPI...

5.4 CVSS, 5.7 AI score, 0.00479 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2022-34340

Malicious code in bioql PyPI...

9.8 CVSS, 8.9 AI score, 0.01056 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2022-7364

Malicious code in bioql PyPI...

6.5 CVSS, 6.5 AI score, 0.00753 EPSS
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2022-34878

Malicious code in bioql PyPI...

9.8 CVSS, 9.3 AI score, 0.0094 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:07 p.m., 11 views

EUVD-2022-28174

Malicious code in bioql PyPI...

8.8 CVSS, 8.8 AI score, 0.01224 EPSS
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2022-28175

Malicious code in bioql PyPI...

5.4 CVSS, 5.7 AI score, 0.00576 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/05/23 12:34 a.m., 8 views

CVE-2022-4111

Unrestricted file size limit can lead to DoS in tooljet/tooljet 1.27 by allowing a logged in attacker to upload profile pictures over 2MB...

6.5 CVSS, 6.8 AI score, 0.00753 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 10:39 p.m., 7 views

CVE-2022-27978

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...

7.5 CVSS, 6.7 AI score, 0.01063 EPSS
Exploits: 1, References: 1