Lucene search
+L

52 matches found

cve
cve
added 2026/06/30 3:58 p.m.23 views

CVE-2026-58375

JimuReport up to version 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication. The handler is annotated @JimuNoLoginRequired, allowing JimuReportTokenInterceptor to skip auth, and the export service streams the rendered report for any supplied report id without verifying t...

8.7CVSS5.9AI score0.00458EPSS
Exploits0References2
euvd
euvd
added 2026/06/30 3:58 p.m.6 views

EUVD-2026-40362

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS5.9AI score0.00458EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/30 3:58 p.m.38 views

CVE-2026-58375 JimuReport 2.5.0 - Unauthenticated Report Export via /jmreport/auto/export

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS0.00458EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.7 views

PT-2026-53932

Name of the Vulnerable Software and Affected Versions JimuReport versions prior to 2.5.1 Description The application exposes the POST '/jmreport/auto/export' endpoint without authentication because the handler is annotated with @JimuNoLoginRequired, causing the JimuReportTokenInterceptor to skip...

8.7CVSS6.1AI score0.00458EPSS
Exploits0References7
cvelist
cvelist
added 2026/06/27 5:33 a.m.40 views

CVE-2026-12404 NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00281EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS5.4AI score0.00241EPSS
Exploits0References1
snyk
snyk
added 2026/05/27 10:34 p.m.8 views

Incorrect Authorization

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Incorrect Authorization through inconsistent authorization checks between the report listing and detail retrieval endpoints. An attacker can access sensitiv...

7.1CVSS5.8AI score0.00035EPSS
Exploits0References2
nvd
nvd
added 2026/04/30 7:16 p.m.7 views

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS0.00241EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/26 3:5 p.m.7 views

CVE-2025-41008

SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...

9.3CVSS5.9AI score0.00249EPSS
Exploits0References1
euvd
euvd
added 2026/03/25 7:52 p.m.7 views

EUVD-2026-14496

AVideo Allows Unauthenticated Access to ADServer reports.json.php that Exposes Ad Campaign Analytics and User Data...

5.3CVSS5.8AI score0.00315EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/03/23 12:0 a.m.9 views

Sinturno SQL注入漏洞

Sinturno is a tool used by the American company Sinturno to manage and analyze network traffic. Sinturno has a SQL injection vulnerability, which stems from improper handling of the client parameter in the adm/scripts/modalReportdata.php endpoint. This vulnerability may lead to SQL injection...

9.3CVSS5.8AI score0.00249EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/24 7:26 a.m.3 views

CVE-2025-14609

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/09 8:59 a.m.21 views

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data...

8.8CVSS8.2AI score0.02288EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/11/07 7:58 p.m.8 views

CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3CVSS9.2AI score0.00638EPSS
Exploits0References1
nvd
nvd
added 2025/11/06 8:15 p.m.5 views

CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3CVSS0.00638EPSS
Exploits0References3
cve
cve
added 2025/11/06 7:57 p.m.17 views

CVE-2022-50592

CVE-2022-50592 affects Advantech iView prior to v5.7.04 build 6425. The SNMP management tool contains an authentication bypass that enables a SQL injection in the getInventoryReportData parameter of the NetworkServlet endpoint, leading to remote code execution with administrator privileges. This ...

9.3CVSS8.8AI score0.00638EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2025/11/06 7:57 p.m.8 views

CVE-2022-50592 Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3CVSS0.00638EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/11/06 7:57 p.m.5 views

CVE-2022-50592 Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3CVSS8.8AI score0.00638EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-13629

Malware in sbrugna...

7.5CVSS7.5AI score0.00934EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-20379

Malware in sbrugna...

8.3CVSS7.3AI score0.01482EPSS
Exploits0References5
Rows per page
Query Builder