CRITICAL 10.0 CVE-2025-41240 The Bitnami WordPress Helm chart mounts Kubernetes Secrets under a predictable path (/opt/bitnami/wordpress/secrets) that is located within…
>= 1.62.0-0, < 1.81.0-1
CRITICAL 9.8 CVE-2026-24042 Appsmith public apps can execute unpublished actions (viewMode confusion)
from 0, < 1.95.0
CRITICAL 9.8 CVE-2024-55964 An issue was discovered in Appsmith before 1.52.
from 0, < 1.52.0
CRITICAL 9.0 Critical Stored XSS & Privilege Escalation in Appsmith
from 0, < 1.96.0
HIGH 8.9 Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server vi…
from 0, < 1.7.15
HIGH 8.8 Account Takeover Vulnerability in Appsmith
from 0, < 1.93.0
HIGH 8.8 Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming…
>= 1.7.11, < 1.7.12
MEDIUM 6.5 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
from 0, < 1.51.0
MEDIUM 6.5 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
from 0, < 1.51.0
MEDIUM 6.5 An issue was discovered in Appsmith before 1.51.
from 0, < 1.51.0
MEDIUM 6.5 AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metada…
>= 1.8.3, < 1.46.0
MEDIUM 6.5 Server-Side Request Forgery (SSRF) in appsmithorg/appsmith
from 0, < 1.8.2
MEDIUM 5.4 CVE-2026-7299
from 0, < 1.99.0
MEDIUM 4.3 An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endp…
>= 1.7.11, < 1.7.12
— Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
from 0, < 1.98.0