13 matches found
EUVD-2025-24807
Malicious code in bioql PyPI...
Apache Superset Information Disclosure Vulnerability (CNVD-2025-19102)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that stems from the /chart/data endpoint response containing underlying query information, which can be exploited by an attack...
BIT-SUPERSET-2025-55673 Apache Superset: Metadata exposure in embedded charts
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
CVE-2025-55673
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the query field in the API response from the /chart/data endpoint. An...
GHSA-9G5X-MM39-WG9R Apache Superset data query improperly discloses database schema information to low-privileged guest user
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
Apache Superset data query improperly discloses database schema information to low-privileged guest user
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
CVE-2025-55673
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
CVE-2025-55673 Apache Superset: Metadata exposure in embedded charts
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
CVE-2025-55673 Apache Superset: Metadata exposure in embedded charts
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
Apache Superset 信息泄露漏洞
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that stems from the /chart/data endpoint response containing underlying query information, which can be exploited by an attack...
PT-2024-39280 · H2O.Ai · H2O-3
Name of the Vulnerable Software and Affected Versions: h2oai h2o-3 version 3.46.0.4 Description: A critical issue has been found in the getConnectionSafe function of the component JDBC Connection Handler, affecting the file /dtale/chart-data/1. The manipulation of the query argument leads to...
PT-2019-12079 · Salicru · Slc-20-Cube3
Name of the Vulnerable Software and Affected Versions: Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 Description: A reflected HTML injection issue allows remote attackers to inject arbitrary HTML elements via specific API endpoints, including /DataLog.csv?log=,...