eng
Enterprise Softwarecommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting eng.
- CVE-2025-58441Knowage is vulnerable to blind server-side request forgery (SSRF)6.5
- CVE-2025-59954Knowage Contains a Remote Code Execution Vulnerability9.8
- CVE-2025-55007Knowage vulnerable to server-side request forgery3.5
- CVE-2024-57971DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.9.1
- CVE-2024-54795SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function.5.4
- CVE-2024-54794The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.9.1
- CVE-2024-54792A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions insi...6.1
- CVE-2023-38702Knowage Server vulnerable to path traversal via upload functionality9.9
- CVE-2023-37472Query injection in Knowage server7.7
- CVE-2023-36819Knowage-Server vulnerable to Path traversal in download functionalities6.5
- CVE-2023-35154Knowage-Server vulnerable to account validation bypass7.2
- CVE-2022-39295Improper Neutralization of Alternate XSS Syntax in Knowage-Server6.1
- CVE-2021-30213Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.6.1
- CVE-2021-30214Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.5.4
- CVE-2021-30212Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter.5.4