14 matches found
CVE-2026-9562
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has...
Exploit for CVE-2026-21721
💥 CVE-2026-21721 Exploit Wrote an exploit for CVE-2026-21721...
CVE-2022-35611
A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards...
EUVD-2023-31708
Malicious code in bioql PyPI...
EUVD-2022-38493
Malicious code in bioql PyPI...
CVE-2024-55920
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
CVE-2023-35164
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...
CVE-2024-46671
FortiWeb contains an Incorrect User Management (CWE-286) vulnerability affecting FortiWeb versions 7.6.2 and below, 7.4.6 and below, 7.2.10 and below, and 7.0.11 and below. An authenticated attacker with at least read-only admin privileges can perform operations on the dashboard of other administ...
CVE-2024-55920
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
Authorization
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...
CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...
CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...
Schneider Electric IGSS Data Server Data Forgery Vulnerability
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to send specific crafted messages to the data server T...
Pentaho < 4.5.0 - User Console XML Injection
======================================================================== title: Pentaho User Console XML Injection Vulnerability program: Pentaho BI User Console vulnerable version: Pentaho was injected into the XML of the client's POST request. This tag defines an external entity, xxe8295c, whic...