4 matches found
CVE-2025-30210
CVE-2025-30210 affects Bruno (open source IDE for APIs). Prior to version 1.39.1, Bruno’s custom tooltip components used react-tooltip to render environment names as raw HTML, allowing injection of inline scripts into the DOM when a user hovers the environment name. The attack surface is limited ...
CVE-2025-30354
Summary: CVE-2025-30354 affects Bruno, an open source API IDE. A bug in the assertion runtime can cause expressions to run in Developer Mode, causing sandbox settings to be ignored when a single request is executed, specifically when importing collections from untrusted or malicious sources. It r...
CVE-2024-48463
Bruno IDE Desktop prior to version 1.29.1 exposes a vulnerability where Electron’s shell.openExternal is used to open URLs in the Markdown docs viewer without validating http/https. This can lead to untrusted URL handling and, per the connected reports, potential remote code execution on systems ...
CVE-2026-34841
Bruno (open source IDE for APIs) was affected by a supply-chain incident prior to version 3.2.1 involving compromised axios releases that introduced a hidden dependency deploying a cross‑platform Remote Access Trojan (RAT). The affected window was npm install between 00:21 UTC and ~03:30 UTC on 3...