SQL Injection

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection via the BuiltinCaptcha process. An attacker can access sensitive data, modify or delete database records, and extract credential hashes by...

SQL Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection via the BuiltinCaptcha process. An attacker can access sensitive data, modify or delete database records, and extract credential hashes by...

Incorrect Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization via the getFaqBySolutionId process. An attacker can access restricted FAQ metadata, including titles, categories, internal IDs,...

SQL Injection

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection in the setTokenData function when OAuth token fields are interpolated into a SQL statement without proper escaping. An attacker can execut...

Brute Force

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Brute Force via the check process. An attacker can gain unauthorized administrative access by submitting arbitrary user-id and token values to the...

Brute Force

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Brute Force via the check process. An attacker can gain unauthorized administrative access by submitting arbitrary user-id and token values to the...

Incorrect Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...

Incorrect Authorization

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...

Incorrect Authorization

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the userHasPermission process. An attacker can gain unauthorized access to sensitive administrative data by sending requests ...

Improper Encoding or Escaping of Output

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the Utils::parseUrl function during comment rendering. An attacker can execute arbitrary JavaScript in the...

CVE-2026-23969

Apache Superset utilizes a configurable dictionary, DISALLOWEDSQLFUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...

CVE-2026-23969

Apache Superset utilizes a configurable dictionary, DISALLOWEDSQLFUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...

CVE-2026-23969

Apache Superset utilizes a configurable dictionary, DISALLOWEDSQLFUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...

PT-2026-21678

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 4.1.2 Description Apache Superset uses a configurable dictionary, DISALLOWED SQL FUNCTIONS, to limit the execution of potentially sensitive SQL functions in SQL Lab and charts. A flaw exists because the defaul...

PT-2025-52725

Name of the Vulnerable Software and Affected Versions Marshmallow versions 3.0.0rc1 through 3.26.1 Marshmallow versions 4.0.0 through 4.1.1 Description Marshmallow, a library for converting complex objects to and from simple Python datatypes, contains a flaw in the Schema.loaddata, many=True...

CVE-2025-48912 Apache Superset: Improper authorization bypass on row level security via SQL Injection

An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects...

SUSE CVE-2023-30601

Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be...

PYSEC-2023-304

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. In affected versions a node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a...

PYSEC-2023-303

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. In affected versions a node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a...

PT-2023-22009 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions 2.5.0 through 3.5.7 Mastodon versions 3.5.8 is not affected, but versions prior to 3.5.8 are affected, however 4.0.3 and prior to 4.0.4 and 4.1.1 and prior to 4.1.2 are also affected. Mastodon versions 2.5.0 through 4.1.1...