Lucene search
K

8 matches found

Snyk
Snyk
added 2026/05/20 3:46 p.m.14 views

Insecure Default Initialization of Resource

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:46 p.m.14 views

Insecure Default Initialization of Resource

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:45 p.m.10 views

Weak Password Recovery Mechanism for Forgotten Password

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword function. An attacker can enumerate valid user accounts and forcibly chan...

8.8CVSS5.8AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:45 p.m.9 views

Weak Password Recovery Mechanism for Forgotten Password

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword function. An attacker can enumerate valid user accounts and forcibly chan...

8.8CVSS5.8AI score0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2025-24807

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00519EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/14 1:16 p.m.22 views

CVE-2025-55673 Apache Superset: Metadata exposure in embedded charts

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

5.3CVSS0.00519EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/26 12:0 a.m.64 views

PT-2023-16322 · Isoftforce · Isoftforce Dreamer Cms

Name of the Vulnerable Software and Affected Versions: isoftforce Dreamer CMS versions up to 4.0.1 Description: A vulnerability has been found in the software, classified as problematic, and it affects unknown code. The manipulation of this issue leads to cross site scripting. The attack can be...

5.4CVSS6.6AI score0.00714EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2021/03/26 12:0 a.m.6 views

PT-2021-4587 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions 4.0.0 through 4.0.8 Redmine versions 4.1.0 through 4.1.2 Description: The issue is related to a timing difference in string comparison operations within SysController and MailHandlerController, allowing an attacker to learn...

9.8CVSS6.1AI score0.01737EPSS
Exploits0References42
Rows per page
Query Builder