CVE-2026-21871
- EPSS 0.24%
- Published 08.01.2026 09:49:55
- Last modified 15.01.2026 17:40:09
NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is an XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push() or ui.navigate.history.replace(). These helpers are documented as H...
CVE-2025-66645
- EPSS 0.96%
- Published 09.12.2025 21:41:32
- Last modified 19.12.2025 19:00:54
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed i...
CVE-2025-66470
- EPSS 0.22%
- Published 09.12.2025 00:11:14
- Last modified 11.12.2025 18:49:47
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to an XSS vulnerability through the ui.interactive_image component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This a...
CVE-2025-66469
- EPSS 0.22%
- Published 08.12.2025 23:54:37
- Last modified 11.12.2025 16:00:55
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they genera...