Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11 matches found

Cvelist
Cvelistadded yesterday6 views

CVE-2026-55413 ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2022-28175

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00576EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.15 views

EUVD-2022-32465

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00479EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2022-7364

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00753EPSS
Exploits1References5
CNNVD
CNNVDadded 2023/04/26 12:0 a.m.4 views

ToolJet 安全漏洞

ToolJet is an extensible low-code framework for building business applications from ToolJet. A security vulnerability exists in Tooljet version v1.6.0 that stems from not properly handling missing values in the API. An attacker can exploit the vulnerability to arbitrarily reset a password via a...

7.5CVSS7.9AI score0.01063EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2023/04/26 12:0 a.m.11 views

CVE-2022-27978

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...

7.4AI score0.01063EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2022/11/22 12:0 a.m.6 views

CVE-2022-4111 Improper Validation of Specified Quantity in Input in tooljet/tooljet

Unrestricted file size limit can lead to DoS in tooljet/tooljet 1.27 by allowing a logged in attacker to upload profile pictures over 2MB...

6.5CVSS7.1AI score0.00753EPSS
Exploits1References2
OSV
OSVadded 2022/11/22 12:0 a.m.6 views

CVE-2022-4111 Improper Validation of Specified Quantity in Input in tooljet/tooljet

Unrestricted file size limit can lead to DoS in tooljet/tooljet 1.27 by allowing a logged in attacker to upload profile pictures over 2MB...

6.5CVSS6.4AI score0.00753EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2022/09/28 8:40 a.m.8 views

CVE-2022-3348 Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet

Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim...

6.5CVSS5AI score0.0082EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2022/08/02 12:0 a.m.4 views

PT-2022-17778 · Tooljet · Tooljet

Name of the Vulnerable Software and Affected Versions: tooljet/tooljet versions prior to v1.19.0 Description: The issue is related to improper access control. Recommendations: For versions prior to v1.19.0, update to version v1.19.0 or later to resolve the issue...

9.8CVSS9.1AI score0.0094EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2022/05/17 10:46 a.m.7 views

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

8.8CVSS5.8AI score0.01224EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder