| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-34931 | hoppscotch: Improper loopback redirect_uri validation in device-login flow | hoppscotch | hoppscotch | - | - | 2026-04-02 19:21:35 |
| CVE-2026-34848 | hoppscotch: Stored XSS in team member overflow tooltip via display name | hoppscotch | hoppscotch | Medium | 5.4 | 2026-04-02 19:20:01 |
| CVE-2026-34932 | hoppscotch: Stored XSS via mock server responses on backend origin | hoppscotch | hoppscotch | - | - | 2026-04-02 19:19:16 |
| CVE-2026-34847 | hoppscotch: Open redirect via `/enter?redirect=` | hoppscotch | hoppscotch | Medium | 4.7 | 2026-04-02 19:19:06 |
| CVE-2026-30825 | hoppscotch: IDOR - Any authenticated user can revoke any other user's Personal Access Token | hoppscotch | hoppscotch | None | 0.0 | 2026-03-07 05:13:14 |
| CVE-2026-28217 | IDOR in GraphQL userCollection Query Exposes Other Users' Private Collections | hoppscotch | hoppscotch | Medium | 6.5 | 2026-02-26 22:38:34 |
| CVE-2026-28216 | hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment | hoppscotch | hoppscotch | High | 8.3 | 2026-02-26 22:36:51 |
| CVE-2026-28215 | hoppscotch Vulnerable to Unauthenticated Onboarding Config Takeover | hoppscotch | hoppscotch | Critical | 9.1 | 2026-02-26 22:34:47 |
| CVE-2024-34714 | Hoppscotch Extension responds to calls made by origins not in the domain list | hoppscotch | hoppscotch-extension | High | 7.6 | 2024-05-14 14:48:37 |
| CVE-2024-34347 | @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE | hoppscotch | hoppscotch | High | 8.3 | 2024-05-08 14:16:38 |
| CVE-2024-27092 | Content spoofing - real Hoppscotch emails | hoppscotch | hoppscotch | Medium | 5.4 | 2024-02-26 19:40:57 |
| CVE-2023-34097 | Database password exposed in logs in hoppscotch | hoppscotch | hoppscotch | High | 7.8 | 2023-06-05 20:02:04 |
| CVE-2022-25850 | Server-side Request Forgery (SSRF) | - | github.com/hoppscotch/proxyscotch | High | 7.5 | 2022-05-01 15:20:10 |
| CVE-2022-0121 | Cross-site Scripting in hoppscotch/hoppscotch | hoppscotch | hoppscotch/hoppscotch | High | 8.0 | 2022-01-06 02:30:10 |