34 matches found
Elastic Kibana Security Vulnerability
Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from a path traversal vulnerability in the dashboard management function. This vulnerability could allow authenticated and limited-permission...
CVE-2026-33377
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...
CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...
CVE-2024-34519
Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Access control can be bypassed when there is a shared dashboard, and its auto-login user has...
EUVD-2020-30211
Malware in sbrugna...
EUVD-2021-11639
Malware in sbrugna...
EUVD-2022-5022
Malicious code in bioql PyPI...
EUVD-2023-43243
Malicious code in bioql PyPI...
EUVD-2023-29701
Malicious code in bioql PyPI...
EUVD-2025-18182
Malicious code in bioql PyPI...
EUVD-2024-54664
Malicious code in bioql PyPI...
EUVD-2022-1500
Malicious code in bioql PyPI...
EUVD-2025-14507
Malicious code in bioql PyPI...
CVE-2025-0951
Summary of CVE-2025-0951 (LiquidThemes for WordPress): The issue arises from a missing capability check in the liquid_reset_wordpress_before AJAX path across LiquidThemes plugins/themes, enabling authenticated attackers with Subscriber-level access and above to deactivate all plugins. The root ca...
CVE-2025-49191 Dashboards and iFrames can link malicious web content
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to...
PT-2025-25317 · Sick Ag · Sick Field Analytics
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the creation of iFrame widgets and dashboards where linked URLs are vulnerable to code execution. An attacker, if authorized to create new dashboards or iFrame widgets, ca...
CVE-2024-37394
A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious...
CVE-2024-27104
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing JavaScript code. Any user that will open this dashboard will be subject t...
CVE-2023-38505
DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitel...
CVE-2022-0230
The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...