Qlik

All CVEs

33 total · sorted by risk
  • CVE-2026-6264 · Critical · Apr 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by…

  • CVE-2024-55579 · High · Dec 9, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February…

  • CVE-2024-36077 · High · May 22, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024…

  • CVE-2026-9057 · High · May 20, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    A broken access control issue has been identified in the Talend Administration Center that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available.

  • CVE-2024-29863 · High · Apr 5, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A race condition in the installer executable in Qlik QlikView before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12.80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator.

  • CVE-2024-55580 · High · Dec 9, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in…

  • CVE-2020-36994 · Medium · Jan 29, 2026
    risk 0.40 · cvss 6.2 · epss 0.00

    QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent…

  • CVE-2026-9056 · Medium · May 20, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store an XSS payload that can be triggered by a different user.

  • CVE-2023-41266 · KEV · Aug 29, 2023
    risk 0.26 · cvss · epss 0.85

    A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate…

  • CVE-2023-41265 · KEV · Aug 29, 2023
    risk 0.25 · cvss · epss 0.85

    An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their…

  • CVE-2023-48365 · KEV · Nov 15, 2023
    risk 0.22 · cvss · epss 0.25

    Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP…

  • CVE-2015-3623 · Sep 16, 2015
    risk 0.04 · cvss · epss 0.16

    XML external entity (XXE) vulnerability in QlikTech QlikView before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.

  • CVE-2025-61138 · Nov 20, 2025
    risk 0.00 · cvss · epss 0.00

    Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.

  • CVE-2023-36301 · Jun 26, 2023
    risk 0.00 · cvss · epss 0.01

    Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet.

  • CVE-2023-33247 · May 26, 2023
    risk 0.00 · cvss · epss 0.00

    Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the…

  • CVE-2023-31444 · Apr 28, 2023
    risk 0.00 · cvss · epss 0.01

    In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.

  • CVE-2023-26264 · Apr 13, 2023
    risk 0.00 · cvss · epss 0.00

    All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.

  • CVE-2023-26263 · Apr 13, 2023
    risk 0.00 · cvss · epss 0.00

    All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server.

  • CVE-2022-42248 · Mar 6, 2023
    risk 0.00 · cvss · epss 0.00

    QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.

  • CVE-2022-45589 · Feb 6, 2023
    risk 0.00 · cvss · epss 0.01

    All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a…

  • CVE-2022-45588 · Feb 3, 2023
    risk 0.00 · cvss · epss 0.00

    All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud…

  • CVE-2021-41988 · Jan 26, 2023
    risk 0.00 · cvss · epss 0.00

    Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions.

  • CVE-2021-41989 · Jan 26, 2023
    risk 0.00 · cvss · epss 0.00

    Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.

  • CVE-2022-30332 · Jan 10, 2023
    risk 0.00 · cvss · epss 0.01

    In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via…

  • CVE-2021-4311 · Jan 9, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793.…

  • CVE-2022-4818 · Dec 28, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external…

  • CVE-2022-31648 · May 26, 2022
    risk 0.00 · cvss · epss 0.01

    Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration…

  • CVE-2022-29943 · May 4, 2022
    risk 0.00 · cvss · epss 0.01

    Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions…

  • CVE-2022-29942 · May 4, 2022
    risk 0.00 · cvss · epss 0.01

    Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175,…

  • CVE-2022-0564 · Feb 21, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare…

  • CVE-2021-42837 · Nov 5, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will…

  • CVE-2021-40684 · Sep 22, 2021
    risk 0.00 · cvss · epss 0.01

    Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container…

  • CVE-2019-11628 · May 1, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3,…