CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

NVD•added 2026/03/31 12:16 p.m.•1 views

CVE-2026-0397

When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

4.3CVSS0.00007EPSS

Exploits0References1

ATTACKERKB•added 2026/03/31 11:53 a.m.•1 views

CVE-2026-0397

3.1CVSS5.9AI score0.00007EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/31 11:53 a.m.•3 views

CVE-2026-0397 Information disclosure via CORS misconfiguration

3.1CVSS5.9AI score0.00007EPSS

Exploits0References1

Positive Technologies•added 2026/03/04 12:0 a.m.•2 views

PT-2026-23110

Name of the Vulnerable Software and Affected Versions Drupal AJAX Dashboard versions prior to 3.1.0 Description A missing authentication check for a critical function in Drupal AJAX Dashboard allows exploitation of incorrectly configured access control security levels. The issue resides in the AJ...

5.8AI score0.00015EPSS

Exploits0References3

Drupal•added 2026/03/04 12:0 a.m.•8 views

AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022

AJAX Dashboard: Entity Dashboards enables you to create configurable dashboards attached to entities which include AJAX-reloading of a main content area based on inputs from a configurable set of buttons. The module doesn't sufficiently check access on the dashboard configuration route...

6.5CVSS5.8AI score0.00015EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-46216

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.05444EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:56 p.m.•7 views

CVE-2022-43170

A stored cross-site scripting XSS vulnerability in the Dashboard Configuration feature index.php?module=dashboardconfigure/index of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...

5.4CVSS5.3AI score0.05444EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 9:46 p.m.•4 views

CVE-2022-45438

When explicitly enabling the feature flag DASHBOARDCACHE disabled by default, the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

5.3CVSS6.9AI score0.0324EPSS

Exploits0References1

OSV•added 2025/02/05 7:28 a.m.•10 views

BIT-SUPERSET-2022-45438 Apache Superset: Dashboard metadata information leak

5.3CVSS5.2AI score0.0324EPSS

Exploits0References2

Veracode•added 2023/01/19 10:46 a.m.•23 views

Improper Access Control

apachesuperset is vulnerable to Improper Access Control. The vulnerability exists in api.py due to explicitly enabling the DASHBOARDCACHE feature which allows an unauthenticated user to access dashboard configuration metadata using a rest api GET endpoint...

5.3CVSS5.5AI score0.0324EPSS

Exploits0References5Affected Software1

OSV•added 2023/01/16 12:30 p.m.•16 views

GHSA-8F5J-MGX9-5HM5 Apache Superset has Improper Access Control

5.3CVSS5.1AI score0.0324EPSS

Exploits0References3

CVE•added 2023/01/16 10:12 a.m.•79 views

CVE-2022-45438

CVE-2022-45438 affects Apache Superset where enabling the DASHBOARD_CACHE feature flag (off by default) allows an unauthenticated user to access dashboard configuration metadata via a REST API GET endpoint. Affected versions are Superset 1.5.2 and earlier, and 2.0.0. The underlying issue is an im...

5.3CVSS5.2AI score0.0324EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2023/01/16 12:0 a.m.•2 views

PT-2023-14667 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description: The system allowed an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint when the feature flag DASHBOARD CACHE was...

5.3CVSS7.3AI score0.0324EPSS

Exploits0References9

NVD•added 2022/10/28 5:15 p.m.•7 views

CVE-2022-43170

5.4CVSS0.05444EPSS

Exploits1References1

Prion•added 2022/10/28 5:15 p.m.•14 views

Cross site scripting

4.9CVSS5.1AI score0.05444EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/10/28 12:0 a.m.•13 views

CVE-2022-43170

5.3AI score0.05444EPSS

Exploits1References1

Positive Technologies•added 2022/10/28 12:0 a.m.•2 views

PT-2022-26787 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A stored cross-site scripting XSS issue in the Dashboard Configuration feature, specifically at the "index.php?module=dashboard configure/index" endpoint, allows authenticated attackers to execute...

5.4CVSS5.3AI score0.05444EPSS

Exploits1References3

CNNVD•added 2022/10/28 12:0 a.m.•0 views

Rukovoditel 跨站脚本漏洞

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other features. A security vulnerability exists in Rukovoditel version 3.2.1, which stems from the Title parameter of the...

5.4CVSS5AI score0.05444EPSS

Exploits1References2

CVE•added 2022/10/28 12:0 a.m.•69 views

CVE-2022-43170

CVE-2022-43170 describes a stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature of Rukovoditel v3.2.1 . An authenticated attacker can inject arbitrary web scripts/HTML through the Title parameter after clicking “Add info block” (endpoint: index.php?module=dashboa...

5.4CVSS5.1AI score0.05444EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2022/10/28 12:0 a.m.•5 views

CVE-2022-43170

5.2AI score0.05444EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by