Lucene search
+L
UsebrunoBruno

4 matches found

CVE
CVE
added 2025/04/01 2:16 p.m.89 views

CVE-2025-30210

CVE-2025-30210 affects Bruno (open source IDE for APIs). Prior to version 1.39.1, Bruno’s custom tooltip components used react-tooltip to render environment names as raw HTML, allowing injection of inline scripts into the DOM when a user hovers the environment name. The attack surface is limited ...

8.7CVSS6.7AI score0.00344EPSS
CVE
CVE
added 2025/04/01 2:21 p.m.84 views

CVE-2025-30354

Summary: CVE-2025-30354 affects Bruno, an open source API IDE. A bug in the assertion runtime can cause expressions to run in Developer Mode, causing sandbox settings to be ignored when a single request is executed, specifically when importing collections from untrusted or malicious sources. It r...

8.7CVSS6.9AI score0.00361EPSS
CVE
CVE
added 2024/11/04 12:0 a.m.68 views

CVE-2024-48463

Bruno IDE Desktop prior to version 1.29.1 exposes a vulnerability where Electron’s shell.openExternal is used to open URLs in the Markdown docs viewer without validating http/https. This can lead to untrusted URL handling and, per the connected reports, potential remote code execution on systems ...

6.5CVSS6.7AI score0.00623EPSS
CVE
CVE
added 2026/04/06 4:8 p.m.53 views

CVE-2026-34841

Bruno (open source IDE for APIs) was affected by a supply-chain incident prior to version 3.2.1 involving compromised axios releases that introduced a hidden dependency deploying a cross‑platform Remote Access Trojan (RAT). The affected window was npm install between 00:21 UTC and ~03:30 UTC on 3...

9.8CVSS5.8AI score0.00234EPSS