CVE-2026-23984

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...

CVE-2026-23982

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: Build without apparmor for openSUSE Leap 16, SLES 16 or newer Require Go 1.23 for building Update to version 1.0.1...

Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: Build without apparmor for openSUSE Leap 16, SLES 16 or newer Require Go 1.23 for building Update to version 1.0.1...

SUSE-SU-2026:0626-1 Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: - Build without apparmor for openSUSE Leap 16, SLES 16 or newer - Require Go 1.23 for building - Update to versi...

Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: Build without apparmor for openSUSE Leap 16, SLES 16 or newer Require Go 1.23 for building Update to version 1.0.1...

CVE-2026-27636

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All a common configuration, an...

CVE-2026-27636

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All a common configuration, an...

CVE-2026-27636 FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All a common configuration, an...

CVE-2026-27636 FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All a common configuration, an...

EUVD-2026-8612

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All a common configuration, an...

CVE-2026-27636

FreeScout has two combined CVEs affecting prior to 1.8.206. CVE-2026-27636 stems from an incomplete file restriction list: .htaccess and .user.ini are not blocked, allowing an authenticated user to upload a script on Apache with AllowOverride All and potentially achieve Remote Code Execution. CV...

CVE-2026-27636 FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All a common configuration, an...

PT-2026-21853

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.206 Description FreeScout, a PHP-based help desk and shared inbox application built on the Laravel framework, contains a flaw in its file upload restrictions. Prior to version 1.8.206, the application does not...

quantguard (>=0.1.37 <=0.1.38), superset-sqlalchemy-gizmosql-adbc-dialect (>=0.0.3 <=0.0.9) potentially affected by CVE-2026-23982 via apache-superset (>=4.1.4 <=5.0.0)

apache-superset PYPI version =4.1.4, =0.1.37, =0.0.3, =0.0.9 Source cves: CVE-2026-23982 Source advisory: OSV:GHSA-3M2G-V7JF-7FXC...

GHSA-MWF2-QR4V-94H2 Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...

GHSA-48M2-V2R8-H23M Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engine

Apache Superset utilizes a configurable dictionary, DISALLOWEDSQLFUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...

quantguard (>=0.1.37 <=0.1.38), superset-sqlalchemy-gizmosql-adbc-dialect (>=0.0.3 <=0.0.9) potentially affected by CVE-2026-23984 via apache-superset (>=4.1.4 <=5.0.0)

apache-superset PYPI version =4.1.4, =0.1.37, =0.0.3, =0.0.9 Source cves: CVE-2026-23984 Source advisory: OSV:GHSA-MWF2-QR4V-94H2...

GHSA-3M2G-V7JF-7FXC Apache Superset Improper Authorization allows low-privileged users to bypass access controls

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

quantguard (>=0.1.37 <=0.1.38), superset-sqlalchemy-gizmosql-adbc-dialect (>=0.0.3 <=0.0.9) potentially affected by CVE-2026-23983 via apache-superset (>=4.1.4 <=5.0.0)

apache-superset PYPI version =4.1.4, =0.1.37, =0.0.3, =0.0.9 Source cves: CVE-2026-23983 Source advisory: OSV:GHSA-H294-8FXM-M2PJ...