10 matches found
EUVD-2022-28175
Malicious code in bioql PyPI...
EUVD-2022-7364
Malicious code in bioql PyPI...
EUVD-2022-32465
Malicious code in bioql PyPI...
ToolJet security vulnerability
ToolJet is an extensible low-code framework for building business applications from ToolJet. A security vulnerability exists in Tooljet version v1.6.0 that stems from not properly handling missing values in the API. An attacker can exploit the vulnerability to arbitrarily reset a password via a...
CVE-2022-27978
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
CVE-2022-4111 Improper Validation of Specified Quantity in Input in tooljet/tooljet
Unrestricted file size limit can lead to DoS in tooljet/tooljet 1.27 by allowing a logged in attacker to upload profile pictures over 2MB...
CVE-2022-4111 Improper Validation of Specified Quantity in Input in tooljet/tooljet
Unrestricted file size limit can lead to DoS in tooljet/tooljet 1.27 by allowing a logged in attacker to upload profile pictures over 2MB...
CVE-2022-3348 Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet
Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim...
PT-2022-17778 · Tooljet · Tooljet
Name of the Vulnerable Software and Affected Versions: tooljet/tooljet versions prior to v1.19.0 Description: The issue is related to improper access control. Recommendations: For versions prior to v1.19.0, update to version v1.19.0 or later to resolve the issue...
CVE-2022-23067
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...