Lucene search
K

223 matches found

CVE
CVE
added 2025/09/29 11:48 p.m.21 views

CVE-2025-59954

CVE-2025-59954 affects Knowage: versions 8.1.26 and earlier are vulnerable to remote code execution due to an unsafe org.apache.commons.jxpath.JXPathContext usage in MetaService.java. The issue enables a hostile actor to execute code remotely, with impact described as high on confidentiality, int...

10CVSS6.8AI score0.00512EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/09/29 11:48 p.m.10 views

CVE-2025-59954 Knowage Contains a Remote Code Execution Vulnerability

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27...

10CVSS7.1AI score0.00512EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.4 views

PT-2025-39922

Name of the Vulnerable Software and Affected Versions Knowage versions 8.1.26 and below Description Knowage is an analytics and business intelligence suite. Versions 8.1.26 and below are susceptible to Remote Code Execution due to the use of an unsafe org.apache.commons.jxpath.JXPathContext in th...

10CVSS7.2AI score0.00512EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/09/03 4:23 p.m.5 views

CVE-2025-55007

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...

5.3CVSS6.9AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2025/09/01 4:15 p.m.7 views

CVE-2025-55007

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...

5.3CVSS0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/01 3:46 p.m.3 views

CVE-2025-55007 Knowage vulnerable to server-side request forgery

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...

3.5CVSS6.3AI score0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/01 3:46 p.m.14 views

CVE-2025-55007 Knowage vulnerable to server-side request forgery

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...

3.5CVSS0.00176EPSS
Exploits0References1
OSV
OSV
added 2025/09/01 3:46 p.m.6 views

CVE-2025-55007 Knowage vulnerable to server-side request forgery

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...

3.5CVSS6.8AI score0.00176EPSS
Exploits0References3
CVE
CVE
added 2025/09/01 3:46 p.m.21 views

CVE-2025-55007

Knowage (open source analytics/BI) prior to version 8.1.37 is affected by a server-side request forgery vulnerability that lets an attacker issue requests to arbitrary hosts/paths. The attacker cannot read the response, which limits impact, but the issue could be used to scan internal networks. T...

5.3CVSS6.3AI score0.00176EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/01 12:0 a.m.5 views

Knowage 代码问题漏洞

Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A code issue vulnerability exists in Knowage versions prior to 8.1.37 that stems from server-side request forgery and could lead to scanning of the internal network...

5.3CVSS6.8AI score0.00176EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/01 12:0 a.m.6 views

PT-2025-35494

Name of the Vulnerable Software and Affected Versions: Knowage versions prior to 8.1.37 Description: Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. The impact of this vulnerability is limited as attackers cannot...

5.3CVSS6.5AI score0.00176EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.14 views

CVE-2023-38702

Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to ...

9.9CVSS7.3AI score0.01062EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:2 a.m.6 views

CVE-2023-36819

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...

6.5CVSS6.3AI score0.00791EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:57 a.m.11 views

CVE-2023-35154

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...

7.2CVSS6.8AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:22 p.m.7 views

CVE-2022-39295

Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...

6.1CVSS6.1AI score0.00531EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:28 p.m.6 views

CVE-2021-30214

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...

5.4CVSS7AI score0.23795EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:38 p.m.8 views

CVE-2021-30211

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...

5.4CVSS6AI score0.00499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:38 p.m.7 views

CVE-2021-30212

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...

5.4CVSS6AI score0.00581EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:38 p.m.6 views

CVE-2021-30213

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...

6.1CVSS6.2AI score0.02721EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:30 p.m.7 views

CVE-2021-30057

A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...

4.8CVSS6.9AI score0.0066EPSS
Exploits1References1
Rows per page
Query Builder