Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Apps
CVE-2026-24042
CRITICAL CVSS 9.8
Find Similar
Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticated users to execute unpublished (edit-mode) action
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a com
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If
CVE-2024-55964
CRITICAL CVSS 9.8
Find Similar
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacke
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientU
In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution
Incorrect access control in the component /iclock/Settings?restartNCS=1 of NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 allows attackers to arbitrarily restart the NCServiceManger
An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace the
In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/
In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi
In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user wi
In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution priv
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or l
CVE-2026-0064
CRITICAL CVSS 10.0
Find Similar
In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interac
Page 1+ Next →