Filtered by vendor Retool
Subscriptions
Filtered by product Retool
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47424 | 1 Retool | 1 Retool | 2025-05-12 | 7.1 High |
| Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated. | ||||
| CVE-2024-42056 | 1 Retool | 1 Retool | 2025-03-13 | 6.5 Medium |
| Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1. | ||||
Page 1 of 1.