109 matches found
CVE-2026-23969
creationtimestamp | type | source
---|---|---
2026-02-24 17:03:44+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mfmnjexwcj24...
CVE-2026-23969 Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering
Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...
CVE-2026-23969
Apache Superset prior to 4.1.2 is affected by CVE-2026-23969 due to an incomplete default DISALLOWED_SQL_FUNCTIONS list for the ClickHouse engine, which can lead to exposure of sensitive information in SQL Lab and charts. The vulnerability’s impact is described with a CVSS 4.0 base score of 5.3 (...
CVE-2025-23969
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences ki-live-video-conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through <= 5.5.15...
Linux Distros Unpatched Vulnerability : CVE-2023-23969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsin...
Linux Distros Unpatched Vulnerability : CVE-2021-23969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - As specified in the W3C Content Security Policy draft, when creating a violation report, User agents need to ensure that the source file is the URL requested by...
CVE-2025-23969 WordPress KI Live Video Conferences plugin <= 5.5.15 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences ki-live-video-conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through <= 5.5.15...
CVE-2025-23969
CVE-2025-23969 is reported for KI Live Video Conferences (via RH: CVE-2025-23969) and concerns Exposure of Sensitive System Information to an Unauthorized Actor. The Red Hat entry mirrors the description: it affects KI Live Video Conferences (version range: n/a up to 5.5.15) and enables retrieva...
WordPress KI Live Video Conferences plugin <= 5.5.15 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by HLog in WordPress Plugin KI Live Video Conferences versions <= 5.5.15...
CVE-2024-23969
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue results from the...
CVE-2024-23969 ChargePoint Home Flex wlanchnllst Out-Of-Bounds Write
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue results from the...
CVE-2024-5874
IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
CVE-2024-5874 IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
openSUSE Security Advisory (SUSE-SU-2024:2545-1)
The remote host is missing an update for the...
SUSE-SU-2024:2545-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets bsc1227590 - CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords bsc12275...
SUSE CVE-2021-23969
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that's not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage."...
openSUSE: Security Advisory for python (openSUSE-SU-2023:0057-1)
The remote host is missing an update for the...
Debian: Security Advisory (DSA-5465-1)
The remote host is missing an update for the Debian...