3 matches found
BIT-MONGODB-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...
CVE-2026-23980
Apache Superset CVE-2026-23980 describes an SQL injection issue (improper neutralization of special elements) that can be exploited by an authenticated user with read access via sqlExpression or where parameters. Affected software: Superset versions before 6.0.0. Impact as per CVSS: MEDIUM (5.3),...
CVE-2026-23980 Apache Superset: Improper Neutralization of Special Elements used in a SQL Command
Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...