223 matches found
CVE-2025-59954
CVE-2025-59954 affects Knowage: versions 8.1.26 and earlier are vulnerable to remote code execution due to an unsafe org.apache.commons.jxpath.JXPathContext usage in MetaService.java. The issue enables a hostile actor to execute code remotely, with impact described as high on confidentiality, int...
CVE-2025-59954 Knowage Contains a Remote Code Execution Vulnerability
Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27...
PT-2025-39922
Name of the Vulnerable Software and Affected Versions Knowage versions 8.1.26 and below Description Knowage is an analytics and business intelligence suite. Versions 8.1.26 and below are susceptible to Remote Code Execution due to the use of an unsafe org.apache.commons.jxpath.JXPathContext in th...
CVE-2025-55007
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...
CVE-2025-55007
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...
CVE-2025-55007 Knowage vulnerable to server-side request forgery
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...
CVE-2025-55007 Knowage vulnerable to server-side request forgery
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...
CVE-2025-55007 Knowage vulnerable to server-side request forgery
Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...
CVE-2025-55007
Knowage (open source analytics/BI) prior to version 8.1.37 is affected by a server-side request forgery vulnerability that lets an attacker issue requests to arbitrary hosts/paths. The attacker cannot read the response, which limits impact, but the issue could be used to scan internal networks. T...
Knowage 代码问题漏洞
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A code issue vulnerability exists in Knowage versions prior to 8.1.37 that stems from server-side request forgery and could lead to scanning of the internal network...
PT-2025-35494
Name of the Vulnerable Software and Affected Versions: Knowage versions prior to 8.1.37 Description: Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. The impact of this vulnerability is limited as attackers cannot...
CVE-2023-38702
Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to upload template file on the server, but does not need any authorization to ...
CVE-2023-36819
Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...
CVE-2023-35154
Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This...
CVE-2022-39295
Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with the 6.x branch and prior to versions 7.4.22, 8.0.9, and 8.1.0 is vulnerable to cross-site scripting because the XSSRequestWrapper::stripXSS method can be...
CVE-2021-30214
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...
CVE-2021-30211
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter...
CVE-2021-30212
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting XSS. An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter...
CVE-2021-30213
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting XSS. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...
CVE-2021-30057
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters...