16 matches found
EUVD-2025-41703
Malicious code in andi-bakwan91-riris npm...
CVE-2025-41703
creationtimestamp | type | source
---|---|---
2025-10-14 13:40:15+00:00 | seen | https://infosec.exchange/users/certvde/statuses/115372799750920973
2025-10-17 08:37:12+00:00 | seen | https://bsky.app/profile/blackhatnews.tokyo/post/3m3eulxahcx2d
2025-10-18 07:11:13+00:00 | seen | ...
CVE-2024-41703
LibreChat through 0.7.4-rc1 has incorrect access control for message updates...
CVE-2023-41703
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avo...
CVE-2022-41703
A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the featur...
CVE-2022-41703
creationtimestamp | type | source
---|---|---
2025-04-08 20:46:48+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11004...
CVE-2024-41703
creationtimestamp | type | source
---|---|---
2024-07-22 07:46:25+00:00 | seen | https://t.me/cvedetector/1378...
CVE-2024-41703
LibreChat through 0.7.4-rc1 has incorrect access control for message updates...
CVE-2024-41703
LibreChat up to version 0.7.4-rc1 has an incorrect access control for message updates. The issue is documented across multiple sources (NVD, Red Hat, OSV, CVE lists) with the same description. The CVSS-based impact is listed as critical in NVD (high confidentiality, integrity, and availability im...
CVE-2023-41703
creationtimestamp | type | source
---|---|---
2024-02-12 10:21:56+00:00 | seen | https://t.me/ctinow/182998
2024-03-03 15:21:59+00:00 | seen | https://t.me/ctinow/198781...
CVE-2023-41703
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avo...
CVE-2023-41703
CVE-2023-41703 affects Open-Xchange App Suite. The flaw arises from inadequate sanitization of User ID references at mentions in document comments, allowing script code to be injected into a user session when handling a malicious document. The issue is mitigated by applying provided updates/patch...
CVE-2023-41703
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avo...
CVE-2023-41703
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avo...
CVE-2022-41703 Apache Superset: SQL injection vulnerability in adhoc clauses
A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the featur...
CVE-2022-41703
The CVE-2022-41703 issue is in Apache Superset’s SQL Alchemy connector. An authenticated user with read access to a database can add subqueries in the WHERE and HAVING clauses that reference tables the user should not access, even when the ALLOW_ADHOC_SUBQUERY feature flag is disabled. Affected v...