24 matches found
EUVD-2026-26399
A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...
EUVD-2021-1996
Malware in sbrugna...
EUVD-2023-0640
Malicious code in bioql PyPI...
ureport arbitrary file read vulnerability
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...
GHSA-9VFC-QXC8-WRPQ ureport arbitrary file read vulnerability
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...
CVE-2023-48848
CVE-2023-48848 affects ureport v2.2.9, where an arbitrary file read is possible on the server by supplying a crafted path. The issue is described across multiple connected documents (Red Hat, Veracode, CNNVD, GHSA, OSV, and CVE lists) as a vulnerability in ureport2-core that allows reading files ...
PT-2023-30985 · Ureport · Ureport
Name of the Vulnerable Software and Affected Versions: ureport version 2.2.9 Description: An arbitrary file read issue allows a remote attacker to read files on the server by inserting a crafted path. Recommendations: For ureport version 2.2.9, at the moment, there is no information about a newer...
XML External Entity Reference in ureport
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...
XXE
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...
CVE-2023-24187
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...
GHSA-6FCJ-9VFW-JQ2M Arbitrary file deletion in ureport
ureport v2.2.9 was discovered to contain an arbitrary file deletion vulnerability...
CVE-2023-24188
Affected software: ureport v2.2.9. Vulnerability: directory traversal via the deletion function that allows arbitrary files to be deleted. Impact: per CVSS 3.1, base score 9.1 (critical) with integrity/availability impact and network attack vector. Root cause: not explicitly detailed in the provi...
Server-Side Request Forgery in UReport
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports...
UReport Arbitrary File Creation Vulnerability
UReport is a high-performance pure Java reporting engine based on the Spring architecture. ureport version 2.2.9 contains an arbitrary file creation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
UReport Arbitrary Code Execution Vulnerability
UReport is a high-performance pure Java reporting engine based on the Spring architecture. The vulnerability stems from a lack of access control to the designer page. An attacker can exploit this vulnerability to execute arbitrary code...
UReport Server-Side Request Forgery Vulnerability
UReport is a high-performance pure Java reporting engine based on the Spring architecture. A server-side request forgery vulnerability exists in the designer page of UReport version 2.2.9. An attacker can use this vulnerability to detect intranet device ports...
CVE-2020-21125
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code...
CVE-2020-21122
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports...
Design/Logic Flaw
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page...
CVE-2020-21124
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page...