Vulnerabilities in chartbrew

15 results
CVE-2026-25887 | HIGH | Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query | EPSS 0.8%
CVE-2026-25888 | HIGH | Chartbrew: Remote Code Execution (RCE) via Vulnerable API | EPSS 0.7%
CVE-2026-27005 | HIGH | Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables) | EPSS 0.5%
CVE-2026-27603 | HIGH | Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions | EPSS 0.4%
CVE-2026-40601 | HIGH | Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle | EPSS 0.3%
CVE-2026-25877 | MEDIUM | Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations | EPSS 0.3%
CVE-2026-32252 | HIGH | Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id` | EPSS 0.3%
CVE-2026-40595 | HIGH | Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks | EPSS 0.3%
CVE-2026-35514 | MEDIUM | Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew | EPSS 0.2%
CVE-2026-30232 | HIGH | Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs | EPSS 0.2%
CVE-2026-40603 | MEDIUM | Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override | EPSS 0.2%
CVE-2026-40904 | HIGH | Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks | EPSS 0.2%
CVE-2026-40600 | HIGH | Chartbrew: Incorrect Access Control in project share policy routes via unbound policy_id | EPSS 0.2%
CVE-2026-27605 | MEDIUM | Chartbrew: Stored Cross-Site Scripting (XSS) via File Upload API | EPSS 0.2%
CVE-2026-41518 | HIGH | Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend) | EPSS 0.2%