52 matches found
CVE-2026-58375
JimuReport up to version 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication. The handler is annotated @JimuNoLoginRequired, allowing JimuReportTokenInterceptor to skip auth, and the export service streams the rendered report for any supplied report id without verifying t...
EUVD-2026-40362
JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...
CVE-2026-58375 JimuReport 2.5.0 - Unauthenticated Report Export via /jmreport/auto/export
JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...
PT-2026-53932
Name of the Vulnerable Software and Affected Versions JimuReport versions prior to 2.5.1 Description The application exposes the POST '/jmreport/auto/export' endpoint without authentication because the handler is annotated with @JimuNoLoginRequired, causing the JimuReportTokenInterceptor to skip...
CVE-2026-12404 NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
Incorrect Authorization
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Incorrect Authorization through inconsistent authorization checks between the report listing and detail retrieval endpoints. An attacker can access sensitiv...
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2025-41008
SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...
EUVD-2026-14496
AVideo Allows Unauthenticated Access to ADServer reports.json.php that Exposes Ad Campaign Analytics and User Data...
Sinturno SQL注入漏洞
Sinturno is a tool used by the American company Sinturno to manage and analyze network traffic. Sinturno has a SQL injection vulnerability, which stems from improper handling of the client parameter in the adm/scripts/modalReportdata.php endpoint. This vulnerability may lead to SQL injection...
CVE-2025-14609
The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...
CVE-2023-49330
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data...
CVE-2022-50592
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...
CVE-2022-50592
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...
CVE-2022-50592
CVE-2022-50592 affects Advantech iView prior to v5.7.04 build 6425. The SNMP management tool contains an authentication bypass that enables a SQL injection in the getInventoryReportData parameter of the NetworkServlet endpoint, leading to remote code execution with administrator privileges. This ...
CVE-2022-50592 Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...
CVE-2022-50592 Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...
EUVD-2021-13629
Malware in sbrugna...
EUVD-2021-20379
Malware in sbrugna...