Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

zauberzeug — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting zauberzeug. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zauberzeug develops web-based security testing tools, primarily focusing on automated vulnerability scanning for web applications. Historically, its products have been associated with multiple remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure deserialization. The tool has also featured privilege escalation flaws due to insufficient access controls. While no major public security incidents have been documented, the 15 CVEs recorded indicate a pattern of security weaknesses in its core functionality, particularly in how user-supplied data is processed and authenticated. These vulnerabilities highlight ongoing challenges in secure development practices for security testing tools themselves.

Top products by zauberzeug: nicegui
CVE IDTitleCVSSSeverityPublished
CVE-2026-39844 NiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash Bypass of PurePosixPath Sanitization — niceguiCWE-22 5.9 Medium2026-04-08
CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion — niceguiCWE-20 7.5 -2026-03-24
CVE-2026-27156 NiceGUI has XSS via Code Injection — niceguiCWE-79 6.1 Medium2026-02-24
CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content — niceguiCWE-79 6.1 Medium2026-02-06
CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write — niceguiCWE-22 7.5 High2026-02-06
CVE-2026-21874 NiceGUI has Redis connection leak via tab storage causes service degradation — niceguiCWE-772 5.3 Medium2026-01-08
CVE-2026-21873 Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages` — niceguiCWE-79 7.2 High2026-01-08
CVE-2026-21872 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links — niceguiCWE-79 6.1 Medium2026-01-08
CVE-2026-21871 NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace() — niceguiCWE-79 6.1 Medium2026-01-08
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading — niceguiCWE-22 7.5 High2025-12-09
CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content — niceguiCWE-79 6.1 Medium2025-12-09
CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection — niceguiCWE-79 6.1 Medium2025-12-08
CVE-2025-53354 NiceGUI is vulnerable to Reflected XSS attack — niceguiCWE-79 6.1 Medium2025-10-03
CVE-2025-21618 NiceGUI On Air authentication issue — niceguiCWE-287 7.5 High2025-01-06
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component — niceguiCWE-23 8.2 High2024-04-12

This page lists every published CVE security advisory associated with zauberzeug. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.