VYPR

Knowage

by Knowagelabs

CVEs (25)

  • CVE-2019-13349MedSep 5, 2019
    risk 0.32cvss 4.9epss 0.01

    In Knowage through 6.1.1, an authenticated user that accesses the users page will obtain all user password hashes.

  • CVE-2021-30057MedApr 5, 2021
    risk 0.31cvss 4.8epss 0.01

    A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.

  • CVE-2025-55007LowSep 1, 2025
    risk 0.23cvss 3.5epss 0.00

    Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response,…

  • CVE-2025-58441Jan 7, 2026
    risk 0.00cvss epss 0.00

    Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the…

  • CVE-2025-59954CriSep 30, 2025
    risk 0.00cvss 9.8epss 0.01

    Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27.

Page 2 of 2