Lucene search
+L

12 matches found

euvd
euvd
added 2026/07/08 3:8 p.m.8 views

EUVD-2026-42299

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS6.1AI score0.00171EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/25 4:3 p.m.33 views

CVE-2026-55413 ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS0.00256EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-32465

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00475EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7364

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00753EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-28175

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00588EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/04/26 12:0 a.m.5 views

ToolJet 安全漏洞

ToolJet is an extensible low-code framework for building business applications from ToolJet. A security vulnerability exists in Tooljet version v1.6.0 that stems from not properly handling missing values in the API. An attacker can exploit the vulnerability to arbitrarily reset a password via a...

7.5CVSS7.9AI score0.01036EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2023/04/26 12:0 a.m.11 views

CVE-2022-27978

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...

7.4AI score0.01036EPSS
Exploits1References1
osv
osv
added 2022/11/22 12:0 a.m.10 views

CVE-2022-4111 Improper Validation of Specified Quantity in Input in tooljet/tooljet

Unrestricted file size limit can lead to DoS in tooljet/tooljet 1.27 by allowing a logged in attacker to upload profile pictures over 2MB...

6.5CVSS6.4AI score0.00753EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2022/11/22 12:0 a.m.8 views

CVE-2022-4111 Improper Validation of Specified Quantity in Input in tooljet/tooljet

Unrestricted file size limit can lead to DoS in tooljet/tooljet 1.27 by allowing a logged in attacker to upload profile pictures over 2MB...

6.5CVSS7.1AI score0.00753EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2022/09/28 8:40 a.m.11 views

CVE-2022-3348 Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet

Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim...

6.5CVSS5AI score0.00844EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2022/08/02 12:0 a.m.8 views

PT-2022-17778 · Tooljet · Tooljet

Name of the Vulnerable Software and Affected Versions: tooljet/tooljet versions prior to v1.19.0 Description: The issue is related to improper access control. Recommendations: For versions prior to v1.19.0, update to version v1.19.0 or later to resolve the issue...

9.8CVSS9.1AI score0.00958EPSS
Exploits1References5
attackerkb
attackerkb
added 2022/05/17 10:46 a.m.10 views

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...

8.8CVSS5.8AI score0.01251EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder