CVE-2026-34411
- EPSS 0.08%
- Published 27.03.2026 16:24:16
- Last modified 31.03.2026 16:26:41
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata...
- EPSS 0.05%
- Published 09.03.2026 22:26:11
- Last modified 13.03.2026 15:34:16
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (TableWidgetV2). The root cause is a lack of HTML sanitization in the React component renderin...
CVE-2026-24042
- EPSS 0.11%
- Published 22.01.2026 03:52:54
- Last modified 17.02.2026 17:50:44
Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticated users to execute unpublished (edit-mode) actions by sending viewMode=false (or omitting it) to PO...
CVE-2026-22794
- EPSS 0.02%
- Published 12.01.2026 21:54:52
- Last modified 21.01.2026 19:14:17
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / ...
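The pattern behind this entry, as an added illustration (not Appsmith's code): a reset-link builder that trusts the request's Origin header beside one that only uses a configured canonical base URL. The setting name CONFIGURED_BASE_URL, the path /user/resetPassword, the token value and the request headers are all constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Hypothetical instance setting; a real deployment would read it from config/env.
CONFIGURED_BASE_URL = "https://appsmith.example.com"


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Pattern the advisory describes: the Origin request header becomes the
    email link base. A request with a spoofed Origin makes the victim's reset
    token land on the attacker's host when the victim clicks the link."""
    base = headers.get("Origin", CONFIGURED_BASE_URL)
    return f"{base}/user/resetPassword?token={token}"


def reset_link_hardened(headers: dict, token: str) -> str:
    """Ignore every request-derived origin (Origin, Host, X-Forwarded-Host) and
    build the link from the configured canonical base URL only."""
    parts = urlsplit(CONFIGURED_BASE_URL)
    return urlunsplit((parts.scheme, parts.netloc, "/user/resetPassword",
                       f"token={token}", ""))


def origin_is_trusted(origin: Optional[str]) -> bool:
    """Defence in depth for the places where a request origin must be honoured
    (e.g. CORS): exact scheme+host comparison, so a look-alike such as
    'https://appsmith.example.com.evil.test' is rejected rather than prefix-matched."""
    if origin is None:
        return False
    o, c = urlsplit(origin), urlsplit(CONFIGURED_BASE_URL)
    return (o.scheme, o.netloc) == (c.scheme, c.netloc)


# Constructed request: the attacker supplies a spoofed Origin header.
ATTACKER_HEADERS = {"Origin": "https://appsmith.example.com.evil.test"}
TOKEN = "deadbeefcafebabe"  # constructed placeholder token, not a real one

if __name__ == "__main__":
    print("vulnerable:", reset_link_vulnerable(ATTACKER_HEADERS, TOKEN))
    print("hardened:  ", reset_link_hardened(ATTACKER_HEADERS, TOKEN))
```

The hardened builder never consults the request at all; the exact-match origin check is only for code paths that must compare origins, and it deliberately rejects prefix or suffix look-alikes.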
CVE-2024-55963
- EPSS 25.23%
- Published 26.03.2025 20:15:21
- Last modified 01.04.2025 16:34:41
An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsm...
CVE-2024-55964
- EPSS 67.34%
- Published 26.03.2025 20:15:21
- Last modified 01.04.2025 16:34:34
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, cr...
CVE-2024-55965
- EPSS 0.2%
- Published 26.03.2025 00:00:00
- Last modified 08.07.2025 17:35:30
An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure doe...
CVE-2024-55604
- EPSS 0.08%
- Published 25.03.2025 14:15:05
- Last modified 24.10.2025 18:11:23
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmit...
CVE-2024-51408
- EPSS 0.2%
- Published 04.11.2024 14:15:16
- Last modified 06.11.2024 22:06:43
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.
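An added example of the egress check a datasource feature needs to stop the metadata-service fetch this entry describes (not Appsmith's code). It resolves the user-supplied host, rejects any address that is not globally routable (which covers 169.254.169.254, loopback, RFC 1918 and ULA ranges, and IPv4-mapped IPv6 forms), and returns the vetted IP so the caller can pin the connection to it instead of re-resolving. The resolver table FAKE_DNS and its hostnames are constructed so the example runs offline.

```python
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]  # hostname -> list of IP strings


def _system_resolve(host: str) -> List[str]:
    """Resolve via the OS resolver (both A and AAAA records)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_blocked_ip(ip_str: str) -> bool:
    """True if the address is somewhere a server must not fetch on a user's behalf.
    Anything not globally routable is blocked: loopback, RFC 1918 / ULA, link-local
    (which includes the 169.254.169.254 metadata endpoint), reserved, unspecified,
    plus multicast. IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) are unwrapped first
    so they cannot be used to smuggle a blocked IPv4 address past the check."""
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast


def check_datasource_url(url: str, resolve: Resolver = _system_resolve) -> str:
    """Validate a user-supplied datasource URL and return the IP to connect to.
    Returning the vetted address lets the HTTP client pin the connection to it,
    closing the DNS-rebinding window between check and use. Raises ValueError
    for anything that must not be fetched."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        ipaddress.ip_address(host)   # literal IP: nothing to resolve
        addrs = [host]
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        raise ValueError(f"unresolvable host: {host}")
    # Reject if ANY record is blocked: a name with one public and one internal
    # record must not get through on the strength of the public one.
    for a in addrs:
        if is_blocked_ip(a):
            raise ValueError(f"{host} resolves to blocked address {a}")
    return addrs[0]


def is_allowed(url: str, resolve: Resolver = _system_resolve) -> bool:
    """Boolean wrapper around check_datasource_url for callers that only gate."""
    try:
        check_datasource_url(url, resolve)
        return True
    except ValueError:
        return False


# Constructed resolver table standing in for DNS so the example runs offline.
# (Python's ipaddress marks the RFC 5737 documentation ranges non-global, so the
# "public" stand-ins here are 93.184.216.34 and 8.8.8.8.)
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.evil.test": ["169.254.169.254"],
    "mixed.evil.test": ["8.8.8.8", "10.0.0.5"],
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ["https://api.example.com/v1",
              "http://169.254.169.254/latest/meta-data/",
              "http://metadata.evil.test/",
              "http://mixed.evil.test/",
              "http://[::ffff:169.254.169.254]/",
              "file:///etc/passwd"]:
        try:
            print(u, "->", check_datasource_url(u, fake_resolve))
        except ValueError as e:
            print(u, "-> blocked:", e)
```

Two caveats a practitioner should keep in mind: the check must also be applied to every redirect target the client follows, and on AWS the instance should additionally require IMDSv2 so that a bare GET to the metadata address without a session token returns nothing useful even if a bypass is found.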
CVE-2022-4096
- EPSS 8.06%
- Published 21.11.2022 15:15:12
- Last modified 21.11.2024 07:34:34
Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.