Lucene search
K

1218 matches found

Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.7 views

PT-2026-36160

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. Th...

7.5CVSS5.3AI score0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.14 views

PT-2026-36162

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart id/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the...

7.5CVSS5.4AI score0.00326EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

chartbrew 安全漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a security vulnerability. This vulnerability stems from the lack of authentication for the POST /api/chart/:chartid/query endpoint. Only the team.allowReportRefre...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/25 1:55 a.m.7 views

[SECURITY] Fedora 44 Update: qt6-qtcharts-6.10.3-1.fc44

Qt Charts module provides a set of easy to use chart components. It uses the Qt Graphics View Framework, therefore charts can be easily integrated to modern user interfaces. Qt Charts can be used as QWidgets, QGra phicsWidget, or QML types. Users can easily create impressive graphs by selecting o...

5.4AI score
Exploits0
NVD
NVD
added 2026/04/24 4:16 a.m.8 views

CVE-2026-41318

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS0.00195EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/24 2:57 a.m.3 views

CVE-2026-41318 AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.2AI score0.00195EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/24 2:57 a.m.6 views

EUVD-2026-25387

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:57 a.m.6 views

CVE-2026-41318

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 2:57 a.m.34 views

CVE-2026-41318 AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS0.00195EPSS
Exploits1References2
CVE
CVE
added 2026/04/24 2:57 a.m.24 views

CVE-2026-41318

AnythingLLM prior to v1.12.1 is vulnerable to stored DOM-based XSS via an unsafe image rendering rule and unsanitized chart captions in the Chartable component. The vulnerability arises because renderMarkdown(...) output is sanitized in all call sites except Chartable, where LLM-generated caption...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

AnythingLLM 跨站脚本漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.12.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the markdown renderer in the chart component not encoding the alt text as HTML, which could lead to storage-ty...

5.4CVSS5.6AI score0.00195EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.11 views

PT-2026-34844

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS5.7AI score0.00195EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

SUSE SLES15 Security Update : helm (SUSE-SU-2026:1483-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1483-1 advisory. - CVE-2025-55199: crafted JSON Schema can lead to out of memory OOM termination bsc1248093. - CVE-2026-35206: files written to...

6.5CVSS7.2AI score0.00311EPSS
Exploits0References7
NVD
NVD
added 2026/04/13 7:16 p.m.4 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

8.8CVSS0.02183EPSS
Exploits1References2
OSV
OSV
added 2026/04/13 5:40 a.m.2 views

BIT-HELM-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...

4.8CVSS5.8AI score0.00199EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/13 12:0 a.m.18 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

0.02183EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 12:0 a.m.12 views

CVE-2026-29955

CVE-2026-29955 affects KubePlus 4.14 (kubeconfiggenerator) /registercrd. The root cause is command injection via an unsanitized chartName that is directly concatenated into a shell command executed with subprocess.Popen(shell=True). This can allow arbitrary shell commands to be executed if a mali...

8.8CVSS6.1AI score0.02183EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.4 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

6.1AI score0.02183EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 12:0 a.m.3 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

6.1AI score0.02183EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

KubePlus 安全漏洞

KubePlus is an open-source Kubernetes multi-tenant application management platform developed by cloud-ark. Version 4.14 of KubePlus contains a security vulnerability. This vulnerability stems from the /registercrd endpoint in the kubeconfiggenerator component, which fails to clean up or validate...

8.8CVSS5.8AI score0.02183EPSS
Exploits1References3
Rows per page
Query Builder