Lucene search
K

239 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 12:21 p.m.11 views

CVE-2012-3473

The 1 reports API and 2 administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions...

6.4CVSS7.1AI score0.02333EPSS
Exploits1References1
CNVD
CNVD
added 2025/05/12 12:0 a.m.5 views

IBM Jazz Reporting Service Code Issue Vulnerability

IBM Jazz Reporting Service is a suite of ready-to-use reporting components from International Business Machines IBM. The product includes features such as report generation, data collection and lifecycle queries. A code issue vulnerability exists in IBM Jazz Reporting Service that stems from a...

7.2CVSS6.8AI score0.00354EPSS
Exploits0References1
NVD
NVD
added 2025/02/21 12:15 p.m.8 views

CVE-2024-9150

Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DLL libraries and executing OS commands on a...

8.7CVSS0.00444EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/21 11:40 a.m.11 views

CVE-2024-9150 Code Injection in Wyn Enterprise

Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DLL libraries and executing OS commands on a...

8.7CVSS0.00444EPSS
Exploits0References3
CVE
CVE
added 2025/02/21 11:40 a.m.39 views

CVE-2024-9150

CVE-2024-9150 affects Wyn Enterprise: the report generation feature allows code inclusion beyond safe bounds, enabling a low-privilege user to abuse the functionality to execute malicious code, load DLLs, and run OS commands on a high-privilege host. The vulnerability arises from insufficient inp...

8.7CVSS7AI score0.00444EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/21 12:0 a.m.3 views

Wyn Enterprise 安全漏洞

Wyn Enterprise is an embedded business intelligence and analytics tool from Wyn Enterprise, Inc. A security vulnerability exists in Wyn Enterprise prior to version 8.0.00204.0, which stems from a report generation feature that allows code to be included, but does not adequately restrict the code...

8.7CVSS7.1AI score0.00444EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/21 12:0 a.m.4 views

PT-2025-7455 · Unknown · Wyn Enterprise

Name of the Vulnerable Software and Affected Versions: Wyn Enterprise versions prior to 8.0.00204.0 Description: The report generation functionality in Wyn Enterprise allows for code inclusion but does not sufficiently limit what code might be included. An attacker can use a low-privileges accoun...

8.7CVSS7.7AI score0.00444EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/05 10:11 p.m.15 views

CVE-2022-33273

Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation...

7.3CVSS7AI score0.0012EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/10 12:0 a.m.7 views

The vulnerability of the module that summarizes the Workflow framework for scanning vulnerabilities in Osmedeus, allowing attackers to perform cross-site scripting attacks

The vulnerability of the Workflow framework’s module summary component is related to the failure to remove specific elements from web pages when generating reports based on the general-template.md template. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...

10CVSS5.3AI score0.0044EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2024/11/14 6:35 a.m.10 views

Cross-Site Scripting (XSS)

github.com/j3ssie/osmedeus is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper filtering of file contents when generating reports. The contents of the report files HTML and Markdown are read and used to generate the report, but they are not adequately sanitized, allowi...

8.7CVSS6.2AI score0.0044EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/10/16 2:49 p.m.4 views

MAL-2024-10153 Malicious code in reportgenpub (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.381 views

Lansweeper Credential Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lansweeper Credential Collector', 'Description' = %q Lansweeper stores the credentials it uses to scan the computers in its Microsoft SQL databas...

7.4AI score
Exploits0
Veeam
Veeam
added 2024/06/14 12:0 a.m.19 views

Report Generation Fails with "lookup prometheus-server-exp: no such host"

Challenge After enabling Veeam Kasten for Kubernetes reports, reports are not generated. When running an on-demand report policy, the following error message is observed within the executor logs: "message":"Post "http://prometheus-server-exp:80/k10/prometheus/api/v1/query": dial tcp: lookup...

7.5AI score
Exploits0
Cvelist
Cvelist
added 2024/04/25 4:30 p.m.36 views

CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection SSTI. Successful exploitation of the vulnerability c...

6.8CVSS7.2AI score0.00852EPSS
Exploits0References1
OSV
OSV
added 2023/11/22 1:15 a.m.8 views

CVE-2021-22142

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to condu...

8.8CVSS6.7AI score
Exploits0References2
OSV
OSV
added 2023/11/01 3:15 a.m.3 views

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

5.3CVSS5.8AI score0.00377EPSS
Exploits0References1
NVD
NVD
added 2023/11/01 3:15 a.m.20 views

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

5.3CVSS5.3AI score0.00377EPSS
Exploits0References1
Prion
Prion
added 2023/11/01 3:15 a.m.24 views

Design/Logic Flaw

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

5CVSS5.2AI score0.00377EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/01 2:40 a.m.23 views

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

5.3CVSS5.6AI score0.00377EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/01 2:40 a.m.7 views

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

5.3CVSS5.3AI score0.00377EPSS
Exploits0References1
Rows per page
Query Builder