3 matches found
EUVD-2025-24820
Malicious code in bioql PyPI...
Apache Superset SQL Injection Vulnerability (CNVD-2025-19100)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that stems from a bypass of the DISALLOWEDSQLFUNCTIONS security feature, which can be exploited by an attacker to gain access to sensiti...
CVE-2025-55674
A bypass of the DISALLOWEDSQLFUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...