Browse all 5 CVE security advisories affecting bandido. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bandido is a penetration testing tool designed for identifying and exploiting web application vulnerabilities. Historically, it has been associated with Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation vulnerabilities across multiple CVEs. The tool's aggressive scanning approach has led to its use in both legitimate security assessments and malicious attacks. While no major public incidents directly attributed to bandido have been widely documented, its potential for automated exploitation makes it a concern for organizations with insufficient web application defenses. The tool's effectiveness in identifying critical flaws underscores the importance of regular security assessments and proper input validation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2292 | Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field — Morkva UA ShippingCWE-79 | 4.4 | Medium | 2026-03-04 |
| CVE-2025-12170 | Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing — CheckboxCWE-862 | 5.3 | Medium | 2025-11-21 |
| CVE-2025-6720 | Vchasno Kasa <= 1.0.3 - Unauthenticated Log File Clearing — MORKVA Vchasno Kasa IntegrationCWE-862 | 5.3 | Medium | 2025-07-19 |
| CVE-2025-6721 | Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation — MORKVA Vchasno Kasa IntegrationCWE-862 | 5.3 | Medium | 2025-07-19 |
| CVE-2024-12049 | Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters — UkrposhtaCWE-79 | 6.1 | Medium | 2025-01-07 |
This page lists every published CVE security advisory associated with bandido. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.