Every CVE whose affected-product data names Eng Knowage, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2023-38702 — CVSS 9.9 (critical): Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint…
CVE-2019-13188 — CVSS 9.8 (critical): In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.
CVE-2025-59954 — CVSS 9.8 (critical): Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection…
CVE-2019-13348 — CVSS 8.8 (high): In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in…
CVE-2021-30055 — CVSS 8.8 (high): A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the…
CVE-2023-37472 — CVSS 7.7 (high): Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior…
CVE-2023-35154 — CVSS 7.2 (high): Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can…
CVE-2023-36819 — CVSS 6.5 (medium): Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint…
CVE-2025-58441 — CVSS 6.5 (medium): Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery…
CVE-2018-12355 — CVSS 6.1 (medium): Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.
CVE-2019-13189 — CVSS 6.1 (medium): In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.
CVE-2021-30058 — CVSS 6.1 (medium): Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in…
CVE-2021-30213 — CVSS 6.1 (medium): Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in…
CVE-2022-39295 — CVSS 6.1 (medium): Knowage is an open source suite for modern business analytics alternative over big data systems. KnowageLabs / Knowage-Server starting with…
CVE-2021-30056 — CVSS 5.4 (medium): Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in…
CVE-2021-30212 — CVSS 5.4 (medium): Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-servi…
CVE-2021-30211 — CVSS 5.4 (medium): Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-servi…
CVE-2021-30214 — CVSS 5.4 (medium): Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name'…
CVE-2019-13190 — CVSS 5.3 (medium): In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page.
CVE-2021-30057 — CVSS 4.8 (medium): A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/a…
CVE-2025-55007 — CVSS 3.5 (low): Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request…