4 matches found
EUVD-2026-8479
Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...
CVE-2025-64402
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...
PT-2025-33272 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 4.1.3
Description: A guest user accessing a chart in Apache Superset receives an API response from the /chart/data endpoint that includes a query field. This field improperly discloses database schema...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when parsing random invalid enum strings in the EnumStringValues/EnumExtensions.cs file.
Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and...