CVE-2025-48912 – Apache Superset SQL Injection Vulnerability

May 30, 2025

CVE ID : CVE-2025-48912

Published : May 30, 2025, 9:15 a.m. | 21 minutes ago

Description : An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into ‘sqlExpression’ fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data.

This issue affects Apache Superset: before 4.1.2.

Users are recommended to upgrade to version 4.1.2, which fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4635 – Apache Web Portal Remote Code Execution Vulnerability

Next Article CVE-2025-48334 – BinaryCarpenter Woo Slider Pro Missing Authorization Vulnerability

Highlights

CVE-2025-49596 – MCP Inspector Remote Code Execution Vulnerability

June 13, 2025

CVE ID : CVE-2025-49596

Published : June 13, 2025, 8:15 p.m. | 43 minutes ago

Description : The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-48912 – Apache Superset SQL Injection Vulnerability

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

CVE-2025-9417 – iSourcecode Apartment Management System SQL Injection Vulnerability

Ivanti Workspace Control hardcoded key flaws expose SQL credentials

A Coding Implementation to Build a Self-Adaptive Goal-Oriented AI Agent Using Google Gemini and the SAGE Framework

Exploring the context of online images with Backstory

CVE-2025-49596 – MCP Inspector Remote Code Execution Vulnerability

CVE-2025-7419 – Tenda O3V2 HTTPd DestIP Stack-Based Buffer Overflow

CVE-2025-40617 – Bookgy SQL Injection Vulnerability

Google Fights Back: Appeals Order to Sell Chrome Browser

CVE-2025-48912 – Apache Superset SQL Injection Vulnerability

Related Posts