CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

RedhatCVE•added 2026/02/25 4:16 p.m.•2 views

CVE-2026-23984

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...

7.1CVSS5.7AI score0.00041EPSS

Exploits0References1

Github Security Blog•added 2026/02/24 3:30 p.m.•6 views

Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections

7.1CVSS5.7AI score0.00041EPSS

Exploits0References4Affected Software1

NVD•added 2026/02/24 2:16 p.m.•3 views

CVE-2026-23984

7.1CVSS0.00041EPSS

Exploits0References2

Vulnrichment•added 2026/02/24 12:51 p.m.•2 views

CVE-2026-23984 Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

7.1CVSS5.7AI score0.00041EPSS

Exploits0References1

CVE•added 2026/02/24 12:51 p.m.•17 views

CVE-2026-23984

CVE-2026-23984 affects Apache Superset prior to 6.0.0. An authenticated user with SQLLab access can bypass the read-only verification for PostgreSQL connections, enabling crafted statements to evade the existing DML blocks. This could allow execution of data manipulation operations that should be...

7.1CVSS5.7AI score0.00041EPSS

Exploits0References2Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-0019

Malware in sbrugna...

5.3CVSS5.3AI score0.00144EPSS

Exploits0References6

RedhatCVE•added 2025/05/22 8:0 a.m.•4 views

CVE-2019-12414

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...

5.3CVSS6.6AI score0.00144EPSS

Exploits0References1

OSV•added 2025/02/05 7:28 a.m.•10 views

BIT-SUPERSET-2023-32672 Apache Superset: SQL parser edge case bypasses data access authorization

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability...

4.3CVSS4.5AI score0.00173EPSS

Exploits0References2

OSV•added 2025/02/05 7:26 a.m.•8 views

BIT-SUPERSET-2024-24773 Apache Superset: Improper validation of SQL statements allows for unauthorized access to data

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...

6.5CVSS5.8AI score0.0015EPSS

Exploits0References3

OSV•added 2025/02/05 7:24 a.m.•7 views

BIT-SUPERSET-2024-55633 Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...

7.1CVSS6.6AI score0.01043EPSS

Exploits0References3

OSV•added 2024/12/12 3:31 p.m.•13 views

GHSA-787V-V9VQ-4RGV Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

7.1CVSS6.7AI score0.01043EPSS

Exploits0References4

Github Security Blog•added 2024/12/12 3:31 p.m.•15 views

Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

7.1CVSS7.5AI score0.01043EPSS

Exploits0References4Affected Software1

OSV•added 2024/12/12 3:15 p.m.•6 views

CVE-2024-55633

6.5CVSS6.7AI score

Exploits0References2

Vulnrichment•added 2024/12/12 2:36 p.m.•14 views

CVE-2024-55633 Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

7.1CVSS7.6AI score0.01043EPSS

Exploits0References1

Cvelist•added 2024/12/12 2:36 p.m.•14 views

CVE-2024-55633 Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

7.1CVSS0.01043EPSS

Exploits0References1

Veracode•added 2024/02/29 5:20 a.m.•15 views

Improper Authorization

apache-superset is vulnerable to Improper Authorization. The vulnerability is due to improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization...

6.5CVSS7.2AI score0.0015EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2024/02/28 12:30 p.m.•18 views

Apache Superset: Improper validation of SQL statements allows for unauthorized access to data

6.5CVSS5.8AI score0.0015EPSS

Exploits0References4Affected Software1

OSV•added 2024/02/28 12:30 p.m.•13 views

GHSA-5474-F7G5-273Q Apache Superset: Improper validation of SQL statements allows for unauthorized access to data

4.9CVSS5.8AI score0.0015EPSS

Exploits0References4

NVD•added 2024/02/28 12:15 p.m.•14 views

CVE-2024-24773

6.5CVSS5.4AI score0.0015EPSS

Exploits0References2

CVE•added 2024/02/28 11:24 a.m.•99 views

CVE-2024-24773

The CVE-2024-24773 entry concerns Apache Superset. Affected versions are before 3.0.4 and 3.1.0 before 3.1.1, where improper parsing of nested SQL statements in SQLLab could allow authenticated users to bypass data authorization. The issue’s impact is elevated access to data within the authorizat...

6.5CVSS5.9AI score0.0015EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by