ByteOS Network

Insomnia

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-1087

Assigner-02762ae7-200e-4b20-9b2b-a77d5b8fc4cb

View Details

Assigner-02762ae7-200e-4b20-9b2b-a77d5b8fc4cb

CVSS Score-9.3||CRITICAL

EPSS-0.24% / 46.33%

7 Day CHG~0.00%

Published-09 May, 2025 | 11:37

Updated-12 May, 2025 | 17:32

Arbitrary Code Execution in Kong Insomnia Desktop Application

Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.

Vendor-Kong Inc.

Product-Insomnia

CWE ID-CWE-20

Improper Input Validation

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2025-1353

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-7.3||HIGH

EPSS-0.02% / 3.51%

7 Day CHG~0.00%

Published-16 Feb, 2025 | 15:00

Updated-26 Feb, 2025 | 08:13

Kong Insomnia profapi.dll untrusted search path

A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue.

Vendor-Kong

Product-Insomnia

CWE ID-CWE-426

Untrusted Search Path