15 matches found

CVE
added 2026/04/06 6:15 a.m. · 10 views

CVE-2026-5630

CVE-2026-5630 affects assafelovic gpt-researcher (up to 3.4.3), specifically the Report API component at backend/server/app.py. A manipulation of an unknown function enables cross-site scripting and can be exploited remotely. An exploit has been published; however, no remediation or fixes are...

CVSS 5.3 · AI score 4.3 · EPSS 0.00337
Exploits: 0 · References: 5
Positive Technologies
added 2026/04/06 12:0 a.m. · 5 views

PT-2026-30569

A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cross-site scripting. The attack can be carried out remotely. The exploit has been...

CVSS 5.3 · AI score 4.3 · EPSS 0.00337
Exploits: 0 · References: 6
OSV
added 2026/02/02 6:16 a.m. · 5 views

CVE-2026-1746

A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Manipulation of the argument keyword leads to SQL injection. The attack can be executed remotely. The exploit is...

CVSS 8.8 · AI score 5.6
Exploits: 0 · References: 4
EUVD
added 2026/02/02 5:32 a.m. · 4 views

EUVD-2026-5095

A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Manipulation of the argument keyword leads to SQL injection. The attack can be executed remotely. The exploit is...

CVSS 6.5 · AI score 5.3 · EPSS 0.00444
Exploits: 1 · References: 4
Cvelist
added 2026/02/02 5:32 a.m. · 28 views

CVE-2026-1746 JeecgBoot Online Report API loadDictItemByKeyword SQL injection

A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Manipulation of the argument keyword leads to SQL injection. The attack can be executed remotely. The exploit is...

CVSS 6.5 · EPSS 0.00444
Exploits: 1 · References: 4
NVD
added 2025/12/09 8:15 p.m. · 3 views

CVE-2025-66214

Ladybug adds message-based debugging, unit, system, and regression testing to Java applications. Versions prior to 3.0-20251107.114628 contain the APIs /iaf/ladybug/api/report/storage and /iaf/ladybug/api/report/upload, which allow uploading gzip-compressed XML files with user-controllable conten...

CVSS 8.8 · EPSS 0.00271
Exploits: 1 · References: 1
Vulnrichment
added 2025/08/22 12:0 a.m. · 3 views

CVE-2024-53499

Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API...

AI score 8.5 · EPSS 0.00476
Exploits: 1 · References: 3
OSV
added 2022/09/28 4:15 a.m. · 4 views

CVE-2022-39034

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2022/09/28 12:0 a.m. · 4 views

PT-2022-24688 · Unknown · Smart eVision

Name of the Vulnerable Software and Affected Versions: Smart eVision (affected versions not specified)

Description: The issue is related to a path traversal vulnerability in the Report API function. This vulnerability is caused by insufficient filtering for special characters in URLs, allowing a...

CVSS 6.5 · AI score 6.5 · EPSS 0.01174
Exploits: 0 · References: 2
CNNVD
added 2022/09/28 12:0 a.m. · 4 views

Smart eVision path traversal vulnerability

Smart eVision Information Technology Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. Smart eVision is a business intelligence platform that combines business management rooms, dashboards, reports, and input...

CVSS 6.5 · AI score 6.6 · EPSS 0.01174
Exploits: 0 · References: 2
BDU FSTEC
added 2022/02/01 12:0 a.m. · 6 views

The vulnerability in the web interface of the software tool for creating reports for Cisco Security Manager’s deployed security solutions allows a perpetrator to perform cross-site scripting attacks.

The vulnerability in the web interface for creating reports for Cisco Security Manager’s deployed security solutions is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the specially...

CVSS 6.4 · AI score 6 · EPSS 0.00759
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2019/02/21 12:0 a.m. · 3 views

The vulnerability of the software tool’s web interface for creating Cisco Unified Intelligence Center reports allows a malicious actor to send arbitrary requests to the vulnerable system via a web browser with user privileges.

The vulnerability of the software interface for creating reports in Cisco Unified Intelligence Center exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to send arbitrary requests to the vulnerable system via a web...

CVSS 6.4 · AI score 6.4 · EPSS 0.01211
Exploits: 0 · References: 3
RedHat Linux
added 2013/05/20 4:44 p.m. · 3 views

kernel: crypto: info leaks in report API

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMI...

CVSS 2.1 · AI score 7.1 · EPSS 0.00388
Exploits: 1 · References: 4
Cvelist
added 2008/02/29 12:0 a.m. · 22 views

CVE-2008-1073

Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

AI score 5.7 · EPSS 0.01065
Exploits: 0 · References: 5
Prion
added 2006/05/01 10:6 p.m. · 16 views

SQL injection

Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors...

CVSS 6.4 · AI score 9.2 · EPSS 0.01273
Exploits: 0 · References: 6 · Affected Software: 1