Vulnerabilidades em zauberzeug
17 resultadosCVE-2026-25732HIGHNiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File WriteEPSS 3.2%CVE-2025-66645HIGHNiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File ReadingEPSS 1.0%CVE-2024-32005HIGHLocal File Inclusion in NiceGUI leaflet componentEPSS 0.8%CVE-2026-33332MEDIUMNiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustionEPSS 0.6%CVE-2026-21874MEDIUMNiceGUI has Redis connection leak via tab storage causes service degradationEPSS 0.5%CVE-2026-39844MEDIUMNiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash Bypass of PurePosixPath SanitizationEPSS 0.4%CVE-2025-21618HIGHNiceGUI On Air authentication issueEPSS 0.4%CVE-2026-45554MEDIUMNiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routesEPSS 0.3%CVE-2026-45553HIGHNiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()EPSS 0.3%CVE-2026-21871MEDIUMNiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()EPSS 0.2%CVE-2026-25516MEDIUMNiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML contentEPSS 0.2%CVE-2026-21872MEDIUMNiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided linksEPSS 0.2%CVE-2026-21873HIGHZero-click XSS in all NiceGUI apps which uses `ui.sub_pages`EPSS 0.2%CVE-2025-66469MEDIUMNiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style InjectionEPSS 0.2%CVE-2025-66470MEDIUMNiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG contentEPSS 0.2%CVE-2025-53354MEDIUMNiceGUI is vulnerable to Reflected XSS attackEPSS 0.2%CVE-2026-27156MEDIUMNiceGUI has XSS via Code InjectionEPSS 0.2%