Lucene search

119 matches found

EUVD
added 2026/03/06 4:7 a.m., 6 views

EUVD-2026-9976

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...

CVSS 7.2, AI score 6.5, EPSS 0.00839
Exploits: 1, References: 2
Vulnrichment
added 2026/03/06 4:7 a.m., 3 views

CVE-2026-25887 Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...

CVSS 7.2, AI score 6.3, EPSS 0.00839
Exploits: 1, References: 2
Cvelist
added 2026/03/06 4:7 a.m., 29 views

CVE-2026-25887 Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...

CVSS 7.2, EPSS 0.00839
Exploits: 1, References: 2
OSV
added 2026/03/06 4:7 a.m., 7 views

CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when handling chart-related operations (update, delete, etc.)...

CVSS 6.5, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 4
CVE
added 2026/03/06 4:7 a.m., 14 views

CVE-2026-25877

Chartbrew (open-source web app) prior to version 4.8.1 performs authorization checks on chart-related operations using only the project_id, with no authorization on the chart_id itself. This allows an authenticated user who has access to any project to access or manipulate charts belonging to oth...

CVSS 6.5, AI score 5.9, EPSS 0.00286
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/03/06 4:7 a.m., 3 views

CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when handling chart-related operations (update, delete, etc.)...

CVSS 6.5, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 2
Cvelist
added 2026/03/06 4:7 a.m., 37 views

CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when handling chart-related operations (update, delete, etc.)...

CVSS 6.5, EPSS 0.00286
Exploits: 1, References: 2
CNNVD
added 2026/03/06 12:0 a.m., 6 views

Chartbrew access control error vulnerability

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.4 contained an access control vulnerability. This vulnerability stemmed from the lack of middleware in the chart filter endpoint, allowing unverified users to acces...

CVSS 8.7, AI score 5.8, EPSS 0.0042
Exploits: 1, References: 2
CNNVD
added 2026/03/06 12:0 a.m., 5 views

Chartbrew SQL injection vulnerability

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.3 contained a SQL injection vulnerability. This vulnerability allows unverified attackers to inject arbitrary SQL queries into the database, potentially leading to...

CVSS 9.8, AI score 6, EPSS 0.00513
Exploits: 1, References: 2
CNNVD
added 2026/03/06 12:0 a.m., 6 views

Chartbrew access control error vulnerability

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained an access control vulnerability. This vulnerability stemmed from the authorization check being performed solely based on the project_id parameter, which...

CVSS 6.5, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 3
Positive Technologies
added 2026/03/06 12:0 a.m., 5 views

PT-2026-23637

Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.1. Description: Chartbrew is a web application designed for connecting to databases and APIs to create charts. A remote code execution issue exists in versions before 4.8.1 due to a vulnerable API. The issue has...

CVSS 8.8, AI score 6.3, EPSS 0.0066
Exploits: 1, References: 12
CNNVD
added 2026/03/06 12:0 a.m., 7 views

Chartbrew code injection vulnerability

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained a code injection vulnerability. This vulnerability stemmed from the faulty API, which allowed remote code execution...

CVSS 8.8, AI score 6.2, EPSS 0.0066
Exploits: 1, References: 2
Positive Technologies
added 2026/03/06 12:0 a.m., 6 views

PT-2026-23638

Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.3. Description: Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against...

CVSS 9.8, AI score 5.9, EPSS 0.00513
Exploits: 1, References: 12
Positive Technologies
added 2026/03/06 12:0 a.m., 6 views

PT-2026-23635

Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.1. Description: Chartbrew is a web application that connects to databases and APIs to create charts. Before version 4.8.1, authorization checks for chart operations (update, delete, etc.) relied only on the project ...

CVSS 6.5, AI score 5.8, EPSS 0.00286
Exploits: 1, References: 9
Positive Technologies
added 2026/03/06 12:0 a.m., 6 views

PT-2026-23639

Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.4. Description: Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the chart filter endpoint, "/project/:project_id/chart/:chart_id/filter", lacks both...

CVSS 8.7, AI score 5.8, EPSS 0.0042
Exploits: 1, References: 7
CNNVD
added 2026/03/06 12:0 a.m., 8 views

Chartbrew code issue vulnerability

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.4 contained code vulnerabilities. These vulnerabilities stemmed from allowing the upload of files without verifying their types or content. This could lead to the...

CVSS 6.3, AI score 5.7, EPSS 0.00211
Exploits: 1, References: 3
Positive Technologies
added 2026/03/06 12:0 a.m., 5 views

PT-2026-23636

Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.1. Description: Chartbrew is a web application that connects to databases and APIs to create charts. Versions of the software prior to 4.8.1 contain a remote code execution issue stemming from the MongoDB dataset...

CVSS 7.2, AI score 6.3, EPSS 0.00839
Exploits: 1, References: 10
CNNVD
added 2026/03/06 12:0 a.m., 5 views

Chartbrew code injection vulnerability

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Versions of Chartbrew prior to 4.8.1 contained a code injection vulnerability, which was caused by remote code execution vulnerabilities in MongoDB dataset queries...

CVSS 7.2, AI score 6.5, EPSS 0.00839
Exploits: 1, References: 2
Positive Technologies
added 2026/03/06 12:0 a.m., 8 views

PT-2026-23640

Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.4. Description: Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the application does not validate file types or content when uploading files, such as...

CVSS 6.3, AI score 5.7, EPSS 0.00211
Exploits: 1, References: 10