Lucene search
+L

4 matches found

Snyk
Snyk
added 2026/05/06 8:44 p.m.11 views

SQL Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to SQL Injection in the setTokenData function when OAuth token fields are interpolated into a SQL statement without proper escaping. An attacker can execut...

7.7CVSS6.1AI score0.00212EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/24 3:30 p.m.8 views

Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engine

Apache Superset utilizes a configurable dictionary, DISALLOWEDSQLFUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...

6.5CVSS5.9AI score0.00607EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/05/13 9:31 a.m.2 views

Incorrect Default Permissions

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Incorrect Default Permissions due to missing validations, which allow an attacker to take over ownership of dashboards, charts, or datasets. Note: This...

8.8CVSS6.7AI score0.00972EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/10/14 12:0 a.m.4 views

PT-2020-17248 · Microsoft · Windows Logon

Name of the Vulnerable Software and Affected Versions: Windows Logon versions prior to 4.1.2 Description: The issue allows an attacker with local user privileges to manipulate the installer into writing to arbitrary privileged directories by not properly validating file installation paths. This c...

7.8CVSS7.5AI score0.00306EPSS
Exploits0References2
Rows per page
Query Builder