Lucene search
K

37 matches found

Vulnrichment
Vulnrichment
added 4 days ago7 views

CVE-2026-8595 Stored XSS in the table panel (TableNG)

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56253

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Dashboard text components render stored content using Vue v-html without server-side HTML sanitization. This allows an authenticated user with permissions to edit dashboard component data to injec...

5.1CVSS6.2AI score0.00269EPSS
Exploits0References7
OSV
OSV
added 2026/06/22 1:18 p.m.3 views

CVE-2026-9029 Stored XSS in the Geomap panel tile-layer attribution

A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...

7.3CVSS6AI score0.0025EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from a path traversal vulnerability in the dashboard management function. This vulnerability could allow authenticated and limited-permission...

7.3CVSS5.8AI score0.00223EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/13 8:16 p.m.10 views

CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 2:18 a.m.7 views

CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

8.3CVSS5.6AI score0.00143EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.7 views

CVE-2024-34519

Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...

6.8CVSS7AI score0.00385EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-30211

Malware in sbrugna...

5.4CVSS5.5AI score0.00873EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-11639

Malware in sbrugna...

8.8CVSS8.5AI score0.01713EPSS
Exploits2References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-43243

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00466EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18182

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00287EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1500

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01997EPSS
Exploits2References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-29701

Malicious code in bioql PyPI...

7.2CVSS5.8AI score0.00523EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-14507

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00972EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5022

Malicious code in bioql PyPI...

5.4CVSS5.3AI score0.02266EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-54664

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00409EPSS
Exploits3References4
CVE
CVE
added 2025/08/28 3:42 a.m.27 views

CVE-2025-0951

Summary of CVE-2025-0951 (LiquidThemes for WordPress): The issue arises from a missing capability check in the liquid_reset_wordpress_before AJAX path across LiquidThemes plugins/themes, enabling authenticated attackers with Subscriber-level access and above to deactivate all plugins. The root ca...

4.3CVSS6.8AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/12 2:8 p.m.18 views

CVE-2025-49191 Dashboards and iFrames can link malicious web content

Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to...

4.8CVSS0.00287EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.9 views

PT-2025-25317 · Sick Ag · Sick Field Analytics

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the creation of iFrame widgets and dashboards where linked URLs are vulnerable to code execution. An attacker, if authorized to create new dashboards or iFrame widgets, ca...

4.8CVSS6.6AI score0.00287EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/06/10 12:0 a.m.2 views

CVE-2024-37394

A stored cross-site scripting XSS vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious...

5.7AI score0.00409EPSS
Exploits3References3
Rows per page
Query Builder