Lucene search

28 matches found

RedhatCVE
added 3 days ago · 4 views

CVE-2025-40900

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...

CVSS 5.1 · AI score 5.5 · EPSS 0.00037
Exploits 0 · References 1
Positive Technologies
added 2026/05/15 12:0 a.m. · 8 views

PT-2026-41346

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

CVSS 6.1 · AI score 5.9 · EPSS 0.00095
Exploits 0 · References 5
RedhatCVE
added 2026/03/26 2:57 p.m. · 3 views

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non-sanitized user input can lead to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

CVSS 8.8 · AI score 5.9 · EPSS 0.00051
Exploits 0 · References 1
EUVD
added 2026/03/17 11:18 p.m. · 3 views

EUVD-2026-12671

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non-sanitized user input can lead to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

CVSS 7.1 · AI score 5.8 · EPSS 0.00051
Exploits 0 · References 1
ATTACKERKB
added 2026/03/17 11:18 p.m. · 3 views

CVE-2026-26001

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non-sanitized user input can lead to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6...

CVSS 7.1 · AI score 5.8 · EPSS 0.00051
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/01/30 2:32 p.m. · 23 views

CVE-2026-1684 Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service

A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcpreports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to...

CVSS 6.9 · EPSS 0.00353
Exploits 1 · References 7
CVE
added 2026/01/27 3:23 p.m. · 6 views

CVE-2020-36941

Knockpy 4.1.1 is vulnerable to a CSV injection due to unfiltered server headers, enabling malicious spreadsheet formulas to be injected into CSV reports and potentially execute when opened in spreadsheet apps. The issue is confirmed with CVSS v3.1/4.0 data indicating a high impact (base score 9.8...

CVSS 9.8 · AI score 6 · EPSS 0.00094
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2026/01/27 3:23 p.m. · 21 views

CVE-2020-36941 Knockpy 4.1.1 - CSV Injection

Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet...

CVSS 9.8 · EPSS 0.00094
Exploits 1 · References 3
OSV
added 2025/12/18 2:15 p.m. · 3 views

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVSS 8.9 · AI score 5.8 · EPSS 0.00032
Exploits 0 · References 1
EUVD
added 2025/12/18 1:16 p.m. · 3 views

EUVD-2025-204260

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVSS 8.9 · AI score 4.8 · EPSS 0.00032
Exploits 0 · References 2
Positive Technologies
added 2025/12/18 12:0 a.m. · 3 views

PT-2025-52220

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVSS 8.9 · AI score 5.2 · EPSS 0.00032
Exploits 0 · References 1
Positive Technologies
added 2025/11/11 12:0 a.m. · 2 views

PT-2025-46320

Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions 5723 and below Description: ManageEngine Exchange Reporter Plus versions 5723 and below are susceptible to a Stored Cross-Site Scripting (XSS) issue within the Custom report functionality. This allows...

CVSS 7.3 · AI score 5.5 · EPSS 0.00068
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2008-2614

Malware in sbrugna...

CVSS 1.7 · AI score 6.4 · EPSS 0.00362
Exploits 0 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2005-2372

Malware in sbrugna...

CVSS 5 · AI score 6.1 · EPSS 0.03626
Exploits 0 · References 11
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-33544

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.2 · EPSS 0.08098
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 6:48 a.m. · 5 views

CVE-2024-53442

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component...

CVSS 9.8 · AI score 7 · EPSS 0.00988
Exploits 0 · References 1
Cvelist
added 2025/03/05 12:0 a.m. · 8 views

CVE-2025-27676

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cross-Site Scripting in Reports V-2023-002...

EPSS 0.00444
Exploits 1 · References 2
Vulnrichment
added 2024/12/05 12:0 a.m. · 7 views

CVE-2024-53442

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component...

AI score 9.5 · EPSS 0.00988
Exploits 0 · References 2
OSV
added 2024/10/15 8:15 p.m. · 0 views

CVE-2024-21285

Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications component: Reports. The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 7.1 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2023/12/07 12:0 a.m. · 4 views

PT-2023-9594 · Oracle · Oracle Banking Liquidity Management

Name of the Vulnerable Software and Affected Versions: Oracle Banking Liquidity Management version 14.5.0.12.0 Description: The issue is related to a component called Reports in the Oracle Banking Liquidity Management product. It allows a low-privileged attacker with network access via HTTP to...

CVSS 7.1 · AI score 7.8 · EPSS 0.01065
Exploits 0 · References 7