📦 Thingsboard

This SSRF vulnerability in ThingsBoard allows attackers to upload malicious SVG files that trigger outbound requests from the server. Attackers can exploit this to access internal services and resourc...

This vulnerability in ThingsBoard 3.4.1 allows low-privileged CUSTOMER_USER accounts to escalate privileges to TENANT_ADMIN or SYS_ADMIN roles by exploiting an API parameter. Any organization running ...

CVE-2022-48341 is a privilege escalation vulnerability in ThingsBoard where authenticated tenant administrators can modify the scopes parameter to gain system administrator dashboard access. This affe...

This CVE describes a stored cross-site scripting (XSS) vulnerability in ThingsBoard's Image Gallery feature. Authenticated users can upload malicious SVG images containing JavaScript, which executes w...

This CVE describes an arbitrary file upload vulnerability in ThingsBoard's Image Gallery component that allows attackers to upload malicious files and execute arbitrary code on affected systems. The v...