15 matches found
EUVD-2022-41791
Malicious code in bioql PyPI...
CVE-2025-55007 Knowage vulnerable to server-side request forgery
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...
CVE-2023-38702
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload a template file on the server, but does not need any authorization to ...
CVE-2023-36819
Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download a template hosted on the server. However, starting in the 6.x.x branch...
CVE-2023-35154
Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...
CVE-2019-13190
In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page...
CVE-2019-13349
In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes...
Knowage Security Vulnerability
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage Italy. A security vulnerability exists in Knowage versions prior to 8.1.30, which stems from DataSourceResource.java in the SpagoBI API support not ensuring that java:comp/env/jdbc/...
PT-2023-25984 · Knowage · Knowage
Name of the Vulnerable Software and Affected Versions: Knowage versions prior to 8.1.8 Description: Knowage is an open source suite for business analytics that uses user-supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries to break...
Knowage Path Traversal Vulnerability
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A path traversal vulnerability exists in Knowage versions prior to 6.x.x through 8.1.8, which stems from an authenticated user being able to download a template hosted on th...
Knowage Cross-Site Scripting Vulnerability
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A security vulnerability exists in Knowage versions 6.xx series, versions prior to 7.4.22, versions prior to 8.0.9, and versions prior to 8.1.0, which can be exploited by an...
Knowage Cross-Site Scripting Vulnerability (CNVD-2021-26380)
Knowage is a suite of open source tools for modern business analytics. A reflective cross-site scripting vulnerability exists in Knowage versions prior to 7.4. The vulnerability can be exploited to inject arbitrary external scripts into /restful-services/publish via the 'EXECFROM' parameter, whic...
Knowage Trust Management Issues Vulnerabilities
Knowage is a suite of open source tools for modern business analytics. A security vulnerability exists in Knowage 6.1.1 and earlier versions. An attacker can exploit the vulnerability to obtain all user password hashes...
Knowage Trust Management Issues Vulnerabilities
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A trust management issue vulnerability exists in Knowage 6.1.1 and prior versions. An attacker can exploit this vulnerability to obtain arbitrary resource credentials...
CVE-2018-12354
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request...