184 matches found
CVE-2026-58647
Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...
CVE-2026-58647 Microsoft PowerBI Report Server Spoofing Vulnerability
...
CVE-2026-58647
CVE-2026-58647 affects Microsoft Power BI Power BI Report Server. The issue is an improper neutralization of input during web page generation, enabling cross-site scripting. Attackers must be authorized, require user interaction, and can exploit over the network to perform spoofing with high impa...
Microsoft PowerBI Report Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...
KLA91151 Multiple vulnerabilities in Microsoft SQL Server
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation...
PT-2026-58285
Name of the Vulnerable Software and Affected Versions Power BI Report Server versions prior to 15.0.1121.120 Description Improper neutralization of input during web page generation leads to cross-site scripting XSS, a technique where malicious scripts are injected into trusted websites. This allo...
KLA90939 OSI vulnerability in Microsoft SQL Server
An information disclosure vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-26133 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-26133 high Solution Install necessary...
Security Update for Microsoft Power BI Report Server (February 2026)
The Microsoft Power BI Report Server on the remote host is missing the February 2026 security update. It is, therefore, affected by an RCE vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 809...
CVE-2026-21229
Improper input validation in Power BI allows an authorized attacker to execute code over a network...
Vulnerability fixed in Microsoft SQL Server
Microsoft has fixed a vulnerability in SQL Server Power BI. A malicious party could exploit the vulnerability to execute arbitrary code on the vulnerable SQL Server. Microsoft has made updates available that fix the described vulnerability. We recommend that you install these updates. More...
CVE-2026-21229
Improper input validation in Power BI allows an authorized attacker to execute code over a network...
CVE-2026-21229
Improper input validation in Power BI allows an authorized attacker to execute code over a network...
CVE-2026-21229 Power BI Remote Code Execution Vulnerability
...
CVE-2026-21229 Power BI Remote Code Execution Vulnerability
...
CVE-2026-21229
Power BI is affected by CVE-2026-21229 due to improper input validation, enabling an authorized attacker to execute code over a network. CVSS v3.1 base score 8.0 (High). Refer to Microsoft MSRC advisory for mitigations and updates.
Power BI Remote Code Execution Vulnerability
Improper input validation in Power BI allows an authorized attacker to execute code over a network...
Microsoft Power BI 输入验证错误漏洞
Microsoft Power BI is an interactive data visualization software developed by the American company Microsoft, primarily focused on business intelligence. It is part of the Microsoft Power Platform. There is a vulnerability in input validation of Microsoft Power BI. Attackers can exploit this...
PT-2026-7335
Name of the Vulnerable Software and Affected Versions Power BI affected versions not specified Description Insufficient input validation in Power BI Report Server can allow a remote attacker to execute code on the network. The issue stems from inadequate input checking. Recommendations At the...
KLA90873 ACE vulnerability in Microsoft SQL Server
A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-21229 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-21229 critical Solution Install necessary update...
Malicious code in powerbi-visuals-sunburst (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 707c0139d214cc2c615245cb618d8e272c7868e912755bc359aaadb5415b1273 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...