5 matches found
CVE-2026-3692 Unintended command execution during report generation in Progress Flowmon
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server...
EUVD-2021-31676
Malicious code in bioql PyPI...
Vulnerability in the summary module of the Osmedeus Workflow framework for vulnerability scanning, allowing attackers to perform cross-site scripting attacks
The vulnerability in the summary module of the Workflow framework stems from a failure to remove specific elements from web pages when generating reports based on the general-template.md template. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...
CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports
Iris is a web collaborative platform aiming to help incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, report generation in iris-web is prone to a Server Side Template Injection (SSTI). Successful exploitation of the vulnerability c...
Vulnerability in Hitachi Vantara Pentaho Business Analytics Server caused by deficiencies in its report-generation mechanism, allowing attackers to gain unauthorized access to protected information.
The vulnerability in Hitachi Vantara Pentaho Business Analytics Server relates to deficiencies in the mechanism for generating error reports. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...