5 matches found

RedhatCVE
added 2026/01/09 11:36 a.m., 11 views

CVE-2021-41971

Apache Superset up to and including 1.3.0, when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default), allowed SQL injection when a malicious authenticated user sends an HTTP request with a custom URL...

CVSS 8.8, AI score 7.6, EPSS 0.01709
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-0025

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.02788
Exploits: 0, References: 7
Vulnrichment
added 2025/05/30 8:26 a.m., 10 views

CVE-2025-48912 Apache Superset: Improper authorization bypass on row level security via SQL Injection

An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects...

CVSS 7.1, AI score 7.1, EPSS 0.0062
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 10:36 p.m., 4 views

CVE-2022-27479

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue...

CVSS 9.8, AI score 7.8, EPSS 0.02788
Exploits: 0, References: 1
RedhatCVE
added 2025/02/13 9:2 p.m., 6 views

CVE-2023-49736

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the...

CVSS 8.8, AI score 7.6, EPSS 0.01178
Exploits: 0, References: 4