BIT-SUPERSET-2026-23982 Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

Incorrect Authorization

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Incorrect Authorization during the dataset creation process. An attacker can gain unauthorized access to restricted data by overwriting the SQL query o...

CVE-2026-23982 Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

CVE-2026-23982 Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

CVE-2026-23982

CVE-2026-23982 describes an Improper Authorization in Apache Superset where a low-privilege user can bypass data access controls during dataset creation by overwriting the SQL query of an existing dataset. Affected: Apache Superset

Enhancing Vulnerability Reports with Automated and Augmented Description Summarization

Public vulnerability databases, such as the National Vulnerability Database NVD, document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to...

CVE-2023-50248 CKAN out of memory error when submitting the dataset form with a specially-crafted field

CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint including either the auth cookie or the Authorization header with a specially-craft...

PT-2023-31506 · Ckan · Ckan

Name of the Vulnerable Software and Affected Versions: CKAN versions 2.0.0 through 2.9.9 CKAN versions 2.10.0 through 2.10.2 Description: CKAN is an open-source data management system for powering data hubs and data portals. When submitting a POST request to the "/dataset/new" endpoint including...

AVCLASS++ - Yet Another Massive Malware Labeling Tool

AVCLASS++ is an appealing complement to AVCLASS 1, a state-of-the-art malware labeling tool. Overview AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital...