📦 Knowage

by Eng


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2025-59954

CRITICAL CVSS 9.8 Sep 30, 2025

This vulnerability allows remote attackers to execute arbitrary code on Knowage servers by exploiting unsafe JXPathContext usage in MetaService.java. It affects all Knowage deployments running version...

CVE-2023-38702

CRITICAL CVSS 9.9 Aug 4, 2023

This vulnerability allows authenticated users with low privileges to upload malicious JSP files to the Knowage server via an unauthorized endpoint, leading to remote code execution. It affects Knowage...

CVE-2023-37472

HIGH CVSS 7.7 Jul 14, 2023

This SQL injection vulnerability in Knowage allows authenticated attackers to execute arbitrary SQL queries through unsanitized user input in HQL parameters. Attackers with low-privilege accounts can ...

CVE-2025-58441

MEDIUM CVSS 6.5 Jan 7, 2026

Knowage versions before 8.1.37 have a blind server-side request forgery vulnerability that allows attackers to send requests to arbitrary internal hosts and paths. While attackers cannot read response...