Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

CVE
CVEadded 2026/05/15 6:36 p.m.10 views

CVE-2026-46366

CVE-2026-46366 affects phpMyFAQ before 4.1.2. An information disclosure vulnerability exists in getIdFromSolutionId() that does not enforce permissions, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers ...

8.7CVSS5.8AI score0.00078EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/15 6:36 p.m.27 views

CVE-2026-46366 phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass

phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...

8.7CVSS0.00078EPSS
Exploits0References2
OSV
OSVadded 2026/05/06 8:45 p.m.1 views

GHSA-99QV-G4X9-MGC3 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query

Summary The public /solutionidid.html route calls Faq::getIdFromSolutionId in phpmyfaq/src/phpMyFAQ/Faq.php:1312. That query joins faqdata with faqcategoryrelations solely by solutionid and returns the matching FAQ's id, lang, thema title, and categoryid with no permission filter. An...

7.5CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder