VYPR

Caido

by Caido

CVEs (5)

  • CVE-2025-49004 | High | Jun 9, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    Caido is a web security auditing toolkit. Prior to version 0.48.0, because Caido lacks protection against DNS rebinding, it can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A…

  • CVE-2025-53834 | Medium | Jul 14, 2025
    risk 0.34 | cvss 6.3 | epss 0.00

    Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This…

  • CVE-2025-23039 | Medium | Jan 17, 2025
    risk 0.34 | cvss 5.2 | epss 0.00

    Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts,…

  • CVE-2025-66025 | Medium | Nov 26, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated…

  • CVE-2026-24853 | Feb 13, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non-whitelisted domains from reaching out through port 8080 and shows "Host/IP is not allowed to connect to Caido" on all endpoints. But this is bypassable by injecting an X-Forwarded-Host: 127.0.0.1:8080…
