375 matches found
GHSA-FPJ8-GQ4V-P354 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-24733 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2025-66614 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-24733 vulnerabilities
Vulnerabilities for packages: thingsboard, ontop-fips, nacos, kayenta-fips, nacos-docker, kayenta, ontop...
CVE-2025-66614 vulnerabilities
Vulnerabilities for packages: thingsboard, ontop-fips, nacos, kayenta-fips, nacos-docker, kayenta, ontop...
GHSA-QQ5R-98HH-RXC9 vulnerabilities
Vulnerabilities for packages: thingsboard, ontop-fips, nacos, kayenta-fips, nacos-docker, kayenta, ontop...
GHSA-FPJ8-GQ4V-P354 vulnerabilities
Vulnerabilities for packages: thingsboard, ontop-fips, nacos, kayenta-fips, nacos-docker, kayenta, ontop...
CVE-2022-31861
Cross site Scripting XSS in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs...
CVE-2023-45303
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
CVE-2024-34750 vulnerabilities
Vulnerabilities for packages: tomcat, thingsboard...
GHSA-WM9W-RJJ3-J356 vulnerabilities
Vulnerabilities for packages: tomcat, thingsboard...
GHSA-PJ86-CFQH-VQX6 vulnerabilities
Vulnerabilities for packages: argo-workflows, thingsboard, sqlpad, saf, json-server, tileserver-gl...
CVE-2024-51999 vulnerabilities
Vulnerabilities for packages: argo-workflows, thingsboard, sqlpad, saf, json-server, tileserver-gl...
CVE-2024-51999 vulnerabilities
Vulnerabilities for packages: thingsboard, argo-workflows, redisinsight, tileserver-gl, sqlpad, json-server, saf, librechat...
GHSA-PJ86-CFQH-VQX6 vulnerabilities
Vulnerabilities for packages: thingsboard, argo-workflows, redisinsight, tileserver-gl, sqlpad, json-server, saf, librechat...
CVE-2025-3261
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...
GHSA-5P82-2Q3R-WJ3M ThingsBoard allows an authenticated user to upload malicious SVG images
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...
CVE-2025-3261
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-3261
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...
CVE-2025-3261
CVE-2025-3261 entry is rejected/not used as stated; it does not represent an active vulnerability.