6 matches found
CVE-2026-46363
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer...
BIT-SUPERSET-2026-23969 Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering
Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...
Liquidfiles Security Vulnerability
Liquidfiles, from US-based Liquidfiles, Inc., is a storage service for large-scale secure file transfer and sharing for companies and organizations. A security vulnerability exists in Liquidfiles versions prior to 4.1.2 that could cause an FTPDrop user to execu...
vantage6 Data Falsification Issue Vulnerability
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 versions prior to 4.1.2 that stems from the fact that nodes do not check to see if they are allowed to run images if...
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...
GHSA-35C4-5QFP-WXJ6 Mattermost Server exposes team creator's e-mail address to other members
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members...