37 matches found
CVE-2026-8595 Stored XSS in the table panel (TableNG)
A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...
PT-2026-56253
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Dashboard text components render stored content using Vue v-html without server-side HTML sanitization. This allows an authenticated user with permissions to edit dashboard component data to injec...
CVE-2026-9029 Stored XSS in the Geomap panel tile-layer attribution
A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...
Elastic Kibana 安全漏洞
Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from a path traversal vulnerability in the dashboard management function. This vulnerability could allow authenticated and limited-permission...
CVE-2026-33377
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...
CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...
CVE-2024-34519
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
EUVD-2020-30211
Malware in sbrugna...
EUVD-2021-11639
Malware in sbrugna...
EUVD-2023-43243
Malicious code in bioql PyPI...
EUVD-2025-18182
Malicious code in bioql PyPI...
EUVD-2022-1500
Malicious code in bioql PyPI...
EUVD-2023-29701
Malicious code in bioql PyPI...
EUVD-2025-14507
Malicious code in bioql PyPI...
EUVD-2022-5022
Malicious code in bioql PyPI...
EUVD-2024-54664
Malicious code in bioql PyPI...
CVE-2025-0951
Summary of CVE-2025-0951 (LiquidThemes for WordPress): The issue arises from a missing capability check in the liquid_reset_wordpress_before AJAX path across LiquidThemes plugins/themes, enabling authenticated attackers with Subscriber-level access and above to deactivate all plugins. The root ca...
CVE-2025-49191 Dashboards and iFrames can link malicious web content
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to...
PT-2025-25317 · Sick Ag · Sick Field Analytics
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the creation of iFrame widgets and dashboards where linked URLs are vulnerable to code execution. An attacker, if authorized to create new dashboards or iFrame widgets, ca...
CVE-2024-37394
A stored cross-site scripting XSS vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious...