7 matches found
CVE-2026-33725
Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...
CVE-2026-33725 Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import
Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...
PT-2024-20199 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.2 Apache Superset versions 3.0.0, 3.0.1 Description: Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards,...
PT-2023-8254 · Poly · Edge E220 +36
Name of the Vulnerable Software and Affected Versions: Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX...
PT-2023-32845 · Automad · Automad
Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A critical issue affects the import function in the FileController.php file, where the manipulation of the importUrl argument leads to server-side request forgery. This can be initiated remotely and...
PT-2021-15889 · Betterlinks · Simple 301 Redirects
Name of the Vulnerable Software and Affected Versions: Simple 301 Redirects by BetterLinks WordPress plugin versions prior to 2.0.4 Description: The issue concerns the import data function, which lacks capability and nonce checks. This allows unauthenticated users to import site redirects...
PT-2020-13036 · WordPress · Wp-Advanced-Search
Name of the Vulnerable Software and Affected Versions: wp-advanced-search plugin version 3.3.6 Description: The Import feature in the wp-advanced-search plugin is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any...