129 matches found

RedhatCVE · added 2025/08/24 12:13 a.m. · 5 views

CVE-2025-52085

An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...

CVSS 8.8 · AI score 7.8 · EPSS 0.00471
Exploits: 1 · References: 1

Positive Technologies · added 2025/08/22 12:00 a.m. · 6 views

PT-2025-34475 · Yoosee · Yoosee

Name of the Vulnerable Software and Affected Versions: Yoosee version 6.32.4 Description: An SQL injection flaw exists in the Yoosee application that allows authenticated users to inject arbitrary SQL queries through a request to a backend API endpoint. Successful exploitation can lead to the...

CVSS 8.8 · AI score 7.5 · EPSS 0.00471
Exploits: 1 · References: 6

CNVD · added 2025/08/20 12:00 a.m. · 5 views

Apache Superset Information Disclosure Vulnerability (CNVD-2025-19102)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that stems from the /chart/data endpoint response containing underlying query information, which can be exploited by an attack...

CVSS 5.3 · AI score 6.3 · EPSS 0.00519
Exploits: 0 · References: 1

OSV · added 2025/08/18 8:13 a.m. · 7 views

BIT-SUPERSET-2025-55673 Apache Superset: Metadata exposure in embedded charts

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

CVSS 5.3 · AI score 7 · EPSS 0.00519
Exploits: 0 · References: 3

RedhatCVE · added 2025/08/16 1:28 p.m. · 7 views

CVE-2025-55673

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

CVSS 5.3 · AI score 7.1 · EPSS 0.00519
Exploits: 0 · References: 1

Snyk · added 2025/08/14 3:30 p.m. · 1 view

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the query field in the API response from the /chart/data endpoint. An...

CVSS 5.3 · AI score 6.5 · EPSS 0.00519
Exploits: 0 · References: 2

Github Security Blog · added 2025/08/14 3:30 p.m. · 17 views

Apache Superset data query improperly discloses database schema information to low-privileged guest user

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

CVSS 5.3 · AI score 7 · EPSS 0.00519
Exploits: 0 · References: 4 · Affected Software: 1

OSV · added 2025/08/14 2:15 p.m. · 12 views

CVE-2025-55673

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

CVSS 4.3 · AI score 7
Exploits: 0 · References: 2

Cvelist · added 2025/08/14 1:16 p.m. · 22 views

CVE-2025-55673 Apache Superset: Metadata exposure in embedded charts

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

CVSS 5.3 · EPSS 0.00519
Exploits: 0 · References: 1

CVE · added 2025/08/14 1:16 p.m. · 29 views

CVE-2025-55673

Apache Superset contains an information disclosure in the /chart/data response: when a guest user accesses a chart, the payload includes the underlying query, exposing database schema details (e.g., table names). This affects versions before 4.1.3. The issue is mitigated by upgrading to version 4...

CVSS 5.3 · AI score 7.1 · EPSS 0.00519
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD · added 2025/08/14 12:00 a.m. · 4 views

Apache Superset Information Disclosure Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that stems from the /chart/data endpoint response containing underlying query information, which can be exploited by an attack...

CVSS 5.3 · AI score 6.2 · EPSS 0.00519
Exploits: 0 · References: 2

OSV · added 2025/08/05 8:15 p.m. · 7 views

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

CVSS 6.1 · AI score 6.5 · EPSS 0.00365
Exploits: 1 · References: 2

CNNVD · added 2025/08/05 12:00 a.m. · 6 views

Shopware Security Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware that stems from insufficient cleanup of the cdatabaseschema field in the installation interface, which could lead to stored cross-site scripting...

CVSS 6.1 · AI score 6 · EPSS 0.00365
Exploits: 1 · References: 3

RedhatCVE · added 2025/05/22 8:15 a.m. · 5 views

CVE-2019-16386

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyActivity=GetWebInfo⌖=popup=randomharnessid request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovere...

CVSS 4.3 · AI score 6.6 · EPSS 0.00783
Exploits: 1 · References: 1

NVD · added 2025/02/26 8:15 p.m. · 9 views

CVE-2025-1726

There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some...

CVSS 4.3 · EPSS 0.00379
Exploits: 0 · References: 1

CVE · added 2025/02/26 7:28 p.m. · 60 views

CVE-2025-1726

Summary (CVE-2025-1726): Esri ArcGIS Monitor (versions 2023.0 through 2024.x on Windows and Linux) has a SQL injection vulnerability that can be exploited by a remote, authenticated attacker with low privileges to read limited database schema information. The confidentiality impact is labeled as ...

CVSS 4.3 · AI score 4.6 · EPSS 0.00379
Exploits: 0 · References: 1

Vulnrichment · added 2025/02/26 7:28 p.m. · 3 views

CVE-2025-1726 [#BUG-000172669 ArcGIS Monitor has a security vulnerability]

There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some...

CVSS 4.3 · AI score 4.7 · EPSS 0.00379
Exploits: 0 · References: 1

CNNVD · added 2025/02/26 12:00 a.m. · 2 views

Esri ArcGIS SQL Injection Vulnerability

Esri ArcGIS is a powerful desktop GIS software from Esri. A SQL injection vulnerability exists in Esri ArcGIS Monitor versions 2023.0 through 2024.x. The vulnerability stems from allowing a low-privileged user to read limited database schema information...

CVSS 4.3 · AI score 7.7 · EPSS 0.00379
Exploits: 0 · References: 2

OSV · added 2024/11/22 9:15 p.m. · 7 views

CVE-2024-9710

PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.3 · AI score 7.1 · EPSS 0.00662
Exploits: 0 · References: 2

NVD · added 2024/11/22 9:15 p.m. · 13 views

CVE-2024-9710

PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.3 · EPSS 0.00662
Exploits: 0 · References: 2