Security Update for Microsoft Power BI Report Server (February 2026)

The Microsoft Power BI Report Server on the remote host is missing the February 2026 security update. It is, therefore, affected by an RCE vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 809...

KLA90873 ACE vulnerability in Microsoft SQL Server

A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-21229 Exploitation Related products Microsoft-Power-BI CVE list CVE-2026-21229 critical Solution Install necessary update...

EUVD-2024-40747

Malicious code in bioql PyPI...

The vulnerability of Power BI report servers, related to the lack of protective measures for website structures, allows attackers to execute cross-site scripting attacks.

The vulnerability of the Power BI report server is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

CVE-2024-43612

Power BI Report Server Spoofing Vulnerability...

PT-2024-6990 · Microsoft · Power Bi Report Server

Name of the Vulnerable Software and Affected Versions: Power BI Report Server affected versions not specified Description: The issue is related to the Power BI Report Server and involves a lack of protection for the web page structure, potentially allowing a remote attacker to perform cross-site...

PT-2024-6806 · Microsoft · Power Bi Report Server

Name of the Vulnerable Software and Affected Versions: Power BI Report Server versions affected versions not specified Description: The issue is related to the Power BI Report Server, where a lack of proper web page structure protection can be exploited. This can allow a remote attacker to perfor...

KLA73909 SUI vulnerabilities in Microsoft SQL Server

A spoofing user interface vulnerabilities was found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to spoof user interface. Original advisories CVE-2024-43481 CVE-2024-43612 Related products Microsoft-Power-BI CVE list CVE-2024-43481 high CVE-2024-43612 high Solution...

CVE-2023-21806

Power BI Report Server Spoofing Vulnerability...

CVE-2023-21806

Power BI Report Server Spoofing Vulnerability...

KB5023884 - Description of the security update for Power BI Report Server: January 2023

KB5023884 - Description of the security update for Power BI Report Server: January 2023 Summary This Microsoft Power BI Report Server security update resolves an escalation of privilege vulnerability. To learn more about the vulnerability, see CVE-2023-21809. Affected versions The following Power...

KLA20230 Multiple vulnerabilities in Microsoft SQL Server

Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft SQL Server can be exploited remotely t...

PT-2023-1422 · Microsoft · Power Bi Report Server

Name of the Vulnerable Software and Affected Versions: Power BI Report Server affected versions not specified Description: The issue is related to errors in the user interface's representation of information. It may allow a remote attacker to conduct spoofing attacks. Recommendations: At the...

CVE-2021-44874

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report modul...

CVE-2021-44874

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report modul...

The vulnerability of the Power BI report server, related to errors in information presentation by the user interface, allows a perpetrator to perform spear-phishing attacks.

The vulnerability of the Power BI report server is related to errors in the way information is presented by the user interface. Exploiting this vulnerability allows a malicious actor to carry out spoofing attacks remotely...

Security Update for Microsoft Power BI Report Server (November 2021)

A Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF vulnerability exists when Power BI Report Server Template file pbix containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities together, an attacker is able to...

Escalation of privilege possible in Power BI Report Server (September, May 2021): March 4, 2022 (KB5007903)

Escalation of privilege possible in Power BI Report Server September, May 2021: March 4, 2022 KB5007903 INTRODUCTION Microsoft has released security update guide CVE-2021-41372 for Power BI Report Server. See the complete guide at...

PT-2021-5124 · Microsoft · Power Bi Report Server

Name of the Vulnerable Software and Affected Versions: Power BI Report Server affected versions not specified Description: The issue is related to errors in the user interface's representation of information. It involves a Cross-Site Scripting XSS and Cross-Site Request Forgery CSRF vulnerability...

Security Update for Microsoft Power BI Report Server (July 2021) (deprecated)

Deprecated because the exposure impacts Power BI Desktop %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2021/10/14. Deprecated because this impacts Power BI Desktop, not the server include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid151623;...