CVE-2025-52085
An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...
PT-2025-34475 · Yoosee · Yoosee
Name of the Vulnerable Software and Affected Versions: Yoosee version 6.32.4 Description: An SQL injection flaw exists in the Yoosee application that allows authenticated users to inject arbitrary SQL queries through a request to a backend API endpoint. Successful exploitation can lead to the...
Apache Superset Information Disclosure Vulnerability (CNVD-2025-19102)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that stems from the /chart/data endpoint response containing underlying query information, which can be exploited by an attack...
BIT-SUPERSET-2025-55673 Apache Superset: Metadata exposure in embedded charts
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
CVE-2025-55673
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the query field in the API response from the /chart/data endpoint. An...
Apache Superset data query improperly discloses database schema information to low-privileged guest user
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
CVE-2025-55673 Apache Superset: Metadata exposure in embedded charts
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
CVE-2025-55673
Apache Superset contains an information disclosure in the /chart/data response: when a guest user accesses a chart, the payload includes the underlying query, exposing database schema details (e.g., table names). This affects versions before 4.1.3. The issue is mitigated by upgrading to version 4...
Apache Superset Information Disclosure Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that stems from the /chart/data endpoint response containing underlying query information, which can be exploited by an attack...
CVE-2025-51541
A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...
Shopware Security Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware that stems from insufficient sanitization of the cdatabaseschema field in the installation interface, which could lead to stored cross-site scripting...
CVE-2019-16386
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyActivity=GetWebInfo&target=popup=randomharnessid request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovere...
CVE-2025-1726
There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some...
CVE-2025-1726
Summary (CVE-2025-1726): Esri ArcGIS Monitor (versions 2023.0 through 2024.x on Windows and Linux) has a SQL injection vulnerability that can be exploited by a remote, authenticated attacker with low privileges to read limited database schema information. The confidentiality impact is labeled as ...
CVE-2025-1726 [#BUG-000172669 ArcGIS Monitor has a security vulnerability]
There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some...
Esri ArcGIS SQL Injection Vulnerability
Esri ArcGIS is a powerful desktop GIS software from Esri. A SQL injection vulnerability exists in Esri ArcGIS Monitor versions 2023.0 through 2024.x. The vulnerability stems from allowing a low-privileged user to read limited database schema information...
CVE-2024-9710
PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...