119 matches found
EUVD-2026-9976
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...
CVE-2026-25887 Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...
CVE-2026-25887 Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...
CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the projectid parameter when handling chart-related operations update, delete, etc...
CVE-2026-25877
Chartbrew (open-source web app) prior to version 4.8.1 performs authorization checks on chart-related operations using only the project_id, with no authorization on the chart_id itself. This allows an authenticated user who has access to any project to access or manipulate charts belonging to oth...
CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the projectid parameter when handling chart-related operations update, delete, etc...
CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the projectid parameter when handling chart-related operations update, delete, etc...
chartbrew 访问控制错误漏洞
Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.4 contained a access control vulnerability. This vulnerability stemmed from the lack of middleware in the chart filter endpoint, allowing unverified users to acces...
chartbrew SQL注入漏洞
Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.3 contained a SQL injection vulnerability. This vulnerability allows unverified attackers to inject arbitrary SQL queries into the database, potentially leading to...
chartbrew 访问控制错误漏洞
Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained a access control vulnerability. This vulnerability stemmed from the authorization check being performed solely based on the projectid parameter, which...
PT-2026-23637
Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.1 Description Chartbrew is a web application designed for connecting to databases and APIs to create charts. A remote code execution issue exists in versions before 4.8.1 due to a vulnerable API. The issue has...
chartbrew 代码注入漏洞
Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained a code injection vulnerability. This vulnerability stemmed from the faulty API, which allowed remote code execution...
PT-2026-23638
Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.3 Description Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against...
PT-2026-23635
Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.1 Description Chartbrew is a web application that connects to databases and APIs to create charts. Before version 4.8.1, authorization checks for chart operations update, delete, etc. relied only on the project ...
PT-2026-23639
Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.4 Description Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the chart filter endpoint, ''/project/:project id/chart/:chart id/filter'', lacks both...
chartbrew 代码问题漏洞
Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.4 contained code vulnerabilities. These vulnerabilities stemmed from allowing the upload of files without verifying their types or content. This could lead to the...
PT-2026-23636
Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.1 Description Chartbrew is a web application that connects to databases and APIs to create charts. Versions of the software prior to 4.8.1 contain a remote code execution issue stemming from the MongoDB dataset...
chartbrew 代码注入漏洞
Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained a code injection vulnerability, which was caused by remote code execution vulnerabilities in MongoDB dataset queries...
PT-2026-23640
Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.4 Description Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the application does not validate file types or content when uploading files, such as...