8 matches found
Insecure Default Initialization of Resource
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...
Insecure Default Initialization of Resource
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...
Weak Password Recovery Mechanism for Forgotten Password
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword function. An attacker can enumerate valid user accounts and forcibly chan...
Weak Password Recovery Mechanism for Forgotten Password
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword function. An attacker can enumerate valid user accounts and forcibly chan...
EUVD-2025-24807
Malicious code in bioql PyPI...
CVE-2025-55673 Apache Superset: Metadata exposure in embedded charts
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
PT-2023-16322 · Isoftforce · Isoftforce Dreamer Cms
Name of the Vulnerable Software and Affected Versions: isoftforce Dreamer CMS versions up to 4.0.1 Description: A vulnerability has been found in the software, classified as problematic, and it affects unknown code. The manipulation of this issue leads to cross site scripting. The attack can be...
PT-2021-4587 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.0.0 through 4.0.8 Redmine versions 4.1.0 through 4.1.2 Description: The issue is related to a timing difference in string comparison operations within SysController and MailHandlerController, allowing an attacker to learn...