Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

zauberzeug — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting zauberzeug. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by zauberzeug:nicegui
CVE IDTitleCVSSSeverityPublished
CVE-2026-39844 NiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash Bypass of PurePosixPath Sanitization — niceguiCWE-22 5.9 Medium2026-04-08
CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion — niceguiCWE-20 7.5 -2026-03-24
CVE-2026-27156 NiceGUI has XSS via Code Injection — niceguiCWE-79 6.1 Medium2026-02-24
CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content — niceguiCWE-79 6.1 Medium2026-02-06
CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write — niceguiCWE-22 7.5 High2026-02-06
CVE-2026-21874 NiceGUI has Redis connection leak via tab storage causes service degradation — niceguiCWE-772 5.3 Medium2026-01-08
CVE-2026-21873 Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages` — niceguiCWE-79 7.2 High2026-01-08
CVE-2026-21872 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links — niceguiCWE-79 6.1 Medium2026-01-08
CVE-2026-21871 NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace() — niceguiCWE-79 6.1 Medium2026-01-08
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading — niceguiCWE-22 7.5 High2025-12-09
CVE-2025-66470 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content — niceguiCWE-79 6.1 Medium2025-12-09
CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection — niceguiCWE-79 6.1 Medium2025-12-08
CVE-2025-53354 NiceGUI is vulnerable to Reflected XSS attack — niceguiCWE-79 6.1 Medium2025-10-03
CVE-2025-21618 NiceGUI On Air authentication issue — niceguiCWE-287 7.5 High2025-01-06
CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component — niceguiCWE-23 8.2 High2024-04-12

This page lists every published CVE security advisory associated with zauberzeug. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.