10 matches found

RedhatCVE
added 2025/04/03 2:39 p.m. · 7 views

CVE-2025-30354

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings being ignored for the particular case where a single request is run/sent. This...

CVSS 8.7 · AI score 7 · EPSS 0.00361
Exploits 1 · References 1

NVD
added 2025/04/01 3:16 p.m. · 5 views

CVE-2025-30210

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components, which internally use react-tooltip, were setting the content (in this case the Environment name) as raw HTML, which then gets injected into the DOM on hover. This, combined with loose Content...

CVSS 8.7 · EPSS 0.00344
Exploits 1 · References 1

Cvelist
added 2025/04/01 2:21 p.m. · 23 views

CVE-2025-30354 Bruno ignores Safe-Mode in Asserts expressions

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings being ignored for the particular case where a single request is run/sent. This...

CVSS 8.7 · EPSS 0.00361
Exploits 1 · References 1

CVE
added 2025/04/01 2:16 p.m. · 86 views

CVE-2025-30210

CVE-2025-30210 affects Bruno (open source IDE for APIs). Prior to version 1.39.1, Bruno’s custom tooltip components used react-tooltip to render environment names as raw HTML, allowing injection of inline scripts into the DOM when a user hovers the environment name. The attack surface is limited ...

CVSS 8.7 · AI score 6.7 · EPSS 0.00344
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2025/04/01 2:16 p.m. · 14 views

CVE-2025-30210 Bruno XSS On Environment Name

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components, which internally use react-tooltip, were setting the content (in this case the Environment name) as raw HTML, which then gets injected into the DOM on hover. This, combined with loose Content...

CVSS 8.7 · EPSS 0.00344
Exploits 1 · References 1

SUSE CVE
added 2024/03/22 4:17 a.m. · 2 views

SUSE CVE-2024-27933

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in op_node_ipc_pipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

CVSS 8.8 · AI score 7.6 · EPSS 0.02276
Exploits 1 · References 3

NVD
added 2024/03/21 2:52 a.m. · 51 views

CVE-2024-27933

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in op_node_ipc_pipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

CVSS 8.8 · AI score 8.4 · EPSS 0.02276
Exploits 1 · References 10

Prion
added 2023/01/10 8:15 a.m. · 21 views

Hardcoded credentials

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context...

CVSS 5.8 · AI score 6.3 · EPSS 0.00568
Exploits 1 · References 2 · Affected Software 2

Positive Technologies
added 2023/01/10 12:0 a.m. · 4 views

PT-2023-18771 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.9; MediaWiki versions 1.36.x through 1.38.x before 1.38.5; MediaWiki versions 1.39.x before 1.39.1. Description: An issue in MediaWiki allows for XSS due to E-Widgets performing widget replacement in HTML...

CVSS 9.8 · AI score 6.2 · EPSS 0.22699
Exploits 27 · References 108

ATTACKERKB
added 2020/01/24 12:0 a.m. · 28 views

CVE-2019-1414

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka ‘Visual Studio Code Elevation of Privilege Vulnerability’. Recent assessments: goodlandsecurity at May 20, 2020 2:28am UTC reported: Vulnerability: An elevation ...

CVSS 7.8 · AI score 7.6 · EPSS 0.01045
Exploits 1 · References 2