128 matches found
EUVD-2025-5710
Malicious code in bioql PyPI...
Improper Access Control
apache-superset is vulnerable to Improper Access Control. The vulnerability is due to a missing authorization check in the /explore endpoint, which allows an attacker to enumerate datasource_id values and disclose sensitive metadata about protected datasources...
Apache Superset Authorization Problem Vulnerability (CNVD-2025-19101)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an authorization issue vulnerability that stems from improper access control on the /explore endpoint, which could be exploited by an attacker to obtain metadata abou...
BIT-SUPERSET-2025-55675 Apache Superset: Incorrect datasource authorization on REST API
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
CVE-2025-55675
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
GHSA-MHPQ-M962-MG92 Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
Missing Authorization
Overview: apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Missing Authorization via the /explore endpoint due to a missing authorization check. An attacker can obtain sensitive metadata about datasources by...
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
CVE-2025-55675
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
CVE-2025-55675
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
CVE-2025-55675 Apache Superset: Incorrect datasource authorization on REST API
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
CVE-2025-55675 Apache Superset: Incorrect datasource authorization on REST API
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
CVE-2025-55675
CVE-2025-55675 — Apache Superset: There is improper access control on the /explore endpoint. An authenticated user can enumerate metadata for datasources they lack permission to access by iterating datasource_id in the URL, leading to potential disclosure of protected datasource names. Affect...
Apache Superset Authorization Issue Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an authorization issue vulnerability that stems from improper access control on the /explore endpoint, which could be exploited by an attacker to obtain metadata abou...
PT-2025-33274 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0. Description: Apache Superset contains an improper access control issue in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do...
vulnerability-explore
vu...
CVE-2024-39752
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...
airunner (>=3.0.0 <=3.1.7), athina (>=1.7.0 <=1.7.39) +29 more potentially affected by CVE-2025-1753 via llama-index-cli (>=0.1.13 <=0.4.0)
llama-index-cli PYPI version =0.1.13, =3.0.0, =1.7.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =1.0.9, =1.0.3.post1, =0.1.2, =0.1.7.dev20240924104148, =0.11.0, =0.11.23 - llama-index-callbacks-honeyhive =0.2.0 - llama-index-collection =0.2.0 and more Source cves: CVE-2025-1753 Source advisory:...
CVE-2021-32609
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting HTML, including scripts, into the page...
CVE-2025-23563
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mbyte Explore pages explore-pages allows Reflected XSS. This issue affects Explore pages: from n/a through = 1.01...