3 matches found
EUVD-2026-25366
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...
CVE-2026-23982 Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass
An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...
Open Redirect
apache-superset is vulnerable to Open Redirect. The vulnerability exists due to improper data validation in the library, allowing an attacker with update dataset permission to change a dataset link to an untrusted site and redirect to the malicious URLs by clicking on a specific dataset...