An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by...
6.1CVSS
6AI Score
0.0005EPSS
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being...
7CVSS
7.4AI Score
0.002EPSS
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem...
7.8CVSS
7.6AI Score
0.0004EPSS
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka...
4.7CVSS
4.5AI Score
0.001EPSS