18 matches found
CVE-2026-41065
Tautulli versions prior to 2.17.1 are vulnerable to unauthenticated/authenticated remote code execution via the newsletter custom template directory feature. On a fresh install (before setup wizard completion) or on an installed system with credentials, an attacker can create a newsletter agent a...
Grafana 11.2.0 Server-Side Request Forgery
This Python script targets a server-side request forgery vulnerability in Grafana version 11.2.0. It abuses a path traversal flaw in the /render endpoint to make the server send requests to internal or otherwise restricted resources...
PT-2026-28163
Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.1 Description LiquidJS is susceptible to a denial of service condition due to insufficient memory limit enforcement within the replace first filter. The filter utilizes JavaScript's String.prototype.replace,...
CVE-2026-32704
SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Thi...
EUVD-2025-33321
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...
PT-2025-41359
Name of the Vulnerable Software and Affected Versions Grafana Image Renderer versions 1.0.0 through 4.0.16 Description Grafana Image Renderer is susceptible to remote code execution due to an arbitrary file write issue. The /render/csv API endpoint lacks proper validation of the filePath paramete...
Splunk Cloud Platform and Splunk Enterprise Cross-Site Scripting Vulnerability
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk, Inc. of the U.S. Splunk Cloud Platform is a powerful data collection, processing, and analytics service. Splunk Enterprise is a suite of data collection and analytics software. A cross-site scripting vulnerability exists in...
CVE-2024-55657
SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16...
SUSE CVE-2024-55657
SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16...
Atlassian Jira < 8.5.13 User Enumeration Via Render Endpoint
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 8.5.13, 8.6.0 prior to 8.13.15 or 8.14.0 prior to 8.15.1. It is, therefore, affected by a vulnerability which may permit anonymous remote attackers to view users' emails via an...
Atlassian Jira 8.14.0 < 8.15.1 User Enumeration Via Render Endpoint
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 8.5.13, 8.6.0 prior to 8.13.15 or 8.14.0 prior to 8.15.1. It is, therefore, affected by a vulnerability which may permit anonymous remote attackers to view users' emails via an...
Atlassian Jira 8.6.0 < 8.13.15 User Enumeration Via Render Endpoint
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 8.5.13, 8.6.0 prior to 8.13.15 or 8.14.0 prior to 8.15.1. It is, therefore, affected by a vulnerability which may permit anonymous remote attackers to view users' emails via an...
PT-2022-20733 · Itop +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: ITOP version 3.0.1 Description: A cross-site scripting (XSS) issue was found in ITOP. The vulnerability can be exploited via the "/itop/pages/ajax.render.php" API endpoint. Recommendations: For ITOP version 3.0.1, as a temporary workaround,...
CVE-2021-39118
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0...
PT-2021-22382 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.19.0 Description: The issue allows remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the "/rest/api/1.0/render" endpoint...
PT-2021-11975 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Jira Server and Data Center versions 8.5.12 and earlier Jira Server and Data Center versions 8.6.0 through 8.13.4 Jira Server and Data Center versions 8.14.0 through 8.15.0 Description: The issue allows remote anonymous attackers to determine...
CVE-2019-14995
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check...