VYPR
Vendor: Qlik

Products: 11
CVEs: 33
Across products: 35
Status: Private

Recent CVEs

  • CVE-2026-6264 | Critical | Apr 14, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by…

  • CVE-2024-55579 | High | Dec 9, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February…

  • CVE-2024-36077 | High | May 22, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024…

  • CVE-2026-9057 | High | May 20, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    A broken access control issue has been identified in the Talend Administration Center that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available.

  • CVE-2024-29863 | High | Apr 5, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    A race condition in the installer executable in Qlik QlikView before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12.80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator.

  • CVE-2024-55580 | High | Dec 9, 2024
    risk 0.49 | cvss 7.5 | epss 0.00

    An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could severely damage availability and that also carry high integrity and confidentiality risks. This is fixed in…

  • CVE-2020-36994 | Medium | Jan 29, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent…

  • CVE-2026-9056 | Medium | May 20, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store an XSS payload that can be triggered by a different user.

  • CVE-2023-41266 | KEV | Aug 29, 2023
    risk 0.26 | cvss n/a | epss 0.85

    A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate…

  • CVE-2023-41265 | KEV | Aug 29, 2023
    risk 0.25 | cvss n/a | epss 0.85

    An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their…

  • CVE-2023-48365 | KEV | Nov 15, 2023
    risk 0.22 | cvss n/a | epss 0.25

    Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP…

  • CVE-2015-3623 | Sep 16, 2015
    risk 0.04 | cvss n/a | epss 0.16

    XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.

  • CVE-2025-61138 | Nov 20, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.

  • CVE-2023-36301 | Jun 26, 2023
    risk 0.00 | cvss n/a | epss 0.01

    Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet.

  • CVE-2023-33247 | May 26, 2023
    risk 0.00 | cvss n/a | epss 0.00

    Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the…

  • CVE-2023-31444 | Apr 28, 2023
    risk 0.00 | cvss n/a | epss 0.01

    In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.

  • CVE-2023-26264 | Apr 13, 2023
    risk 0.00 | cvss n/a | epss 0.00

    All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.

  • CVE-2023-26263 | Apr 13, 2023
    risk 0.00 | cvss n/a | epss 0.00

    All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server.

  • CVE-2022-42248 | Mar 6, 2023
    risk 0.00 | cvss n/a | epss 0.00

    QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.

  • CVE-2022-45589 | Feb 6, 2023
    risk 0.00 | cvss n/a | epss 0.01

    All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a…