12 matches found
CVE-2026-24316
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery SSRF. Successful exploitation could lead to interaction with...
CVE-2026-28795
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal...
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal...
PT-2026-23001
Name of the Vulnerable Software and Affected Versions OpenChatBI versions prior to 0.2.2 Description OpenChatBI is a chat-based BI tool that allows users to query and analyze data using natural language. The save report tool within the openchatbi/tool/save report.py component is susceptible to a...
RHSA-2025:23031 Red Hat Security Advisory: abrt security update
Bulletin has no description...
abrt: Command-injection in ABRT leading to local privilege escalation
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...
SUSE CVE-2015-3147
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool ABRT, when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on 1 /var/spool/abrt or 2 /var/tmp/abrt...
SUSE CVE-2015-5287
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool ABRT before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump...
SUSE CVE-2015-7529
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date...
The vulnerability in the web interface of the software tool for creating reports for Cisco Security Manager’s deployed security solutions allows a perpetrator to perform cross-site scripting attacks.
The vulnerability in the web interface for creating reports for Cisco Security Manager’s deployed security solutions is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the specially...
The vulnerability in the web interface of the software tool for creating reports for Cisco Security Manager’s deployed security solutions allows a perpetrator to perform cross-site scripting attacks.
The vulnerability in the web interface for creating reports for Cisco Security Manager’s deployed security solutions is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the specially...
abrt: default event scripts follow symbolic links
It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges...