21 matches found
spectr
SPECTR Scan Parser & Exploit Recon Tool SPECTR is a CLI c...
CVE-2026-28795
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...
Path Traversal
OpenChatBI is vulnerable to Path Traversal. The vulnerability is due to insufficient input sanitization of the file_format parameter in the save_report tool, allowing attackers to manipulate file paths and potentially write files outside the intended directory...
CVE-2026-28795
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...
CVE-2026-28795
OpenChatBI’s save_report.py contains a path traversal vulnerability caused by insufficient sanitization of the file_format parameter. The issue allows crafted file_format values to traverse directories and write files outside the intended report directory, potentially overwriting critical files (...
CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI
OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...
OpenChatBI Path Traversal Vulnerability
OpenChatBI is an intelligent data analysis and visualization tool based on natural language dialogue, developed by Yu Zhong. Versions of OpenChatBI prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from insufficient cleaning of the file_format parameter input in t...
Directory Traversal
Overview: openchatbi is an OpenChatBI - Natural language business intelligence powered by LLMs for intuitive data analysis and SQL generation. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the file_format parameter in the save_report tool. An...
OpenChatBI has a Path Traversal Vulnerability in save_report Tool
Impact: The save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. The function only removes leading dots of file_format using file_format.lstrip(".") but allows path traversal sequences...
PT-2026-23001
Name of the Vulnerable Software and Affected Versions: OpenChatBI versions prior to 0.2.2 Description: OpenChatBI is a chat-based BI tool that allows users to query and analyze data using natural language. The save_report tool within the openchatbi/tool/save_report.py component is susceptible to a...
CVE-2024-2825
A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The...
PT-2024-22369 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240315 Description: A vulnerability was found in lakernote EasyAdmin, affecting unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be...
CVE-2023-37528
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report...
CVE-2023-37528
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report...
PT-2024-12632 · Hcl · Hcl Bigfix Platform
Name of the Vulnerable Software and Affected Versions: HCL BigFix Platform affected versions not specified Description: A cross-site scripting (XSS) vulnerability in the Web Reports component can possibly allow an attack to exploit an application parameter during execution of the Save Report...
GHSA-FHJ6-GR87-G4CJ XML External Entity Reference in ureport
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...
ureport v2.2.9 Code Issue Vulnerability
UReport is a high-performance pure Java reporting engine based on the Spring architecture that prepares complex Chinese reports and statements by iterating over cell. A security vulnerability exists in ureport version v2.2.9. An attacker exploits the vulnerability to execute arbitrary code by...