
thorsten — Vulnerabilities & Security Advisories 96

Browse all 96 CVE security advisories affecting thorsten. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products (thorsten): thorsten/phpmyfaq, phpMyFAQ
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34974 | phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation | phpMyFAQ | CWE-79 | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34973 | phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure | phpMyFAQ | CWE-943 | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34729 | phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() | phpMyFAQ | CWE-79 | 6.1 | Medium | 2026-04-02 |
| CVE-2026-34728 | phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController | phpMyFAQ | CWE-22 | 8.7 | High | 2026-04-02 |
| CVE-2026-32629 | phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor | phpMyFAQ | CWE-20 | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-27836 | phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint | phpMyFAQ | CWE-862 | 7.5 | High | 2026-02-27 |
| CVE-2026-24422 | phpMyFAQ: Public API endpoints expose emails and invisible questions | phpMyFAQ | CWE-200 | 5.3 | Medium | 2026-01-24 |
| CVE-2026-24420 | phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) | phpMyFAQ | CWE-284 | 6.5 | Medium | 2026-01-24 |
| CVE-2026-24421 | phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user | phpMyFAQ | CWE-862 | 6.5 | Medium | 2026-01-24 |
| CVE-2025-69200 | phpMyFAQ has unauthenticated config backup download via /api/setup/backup | phpMyFAQ | CWE-202 | 7.5 | High | 2025-12-29 |
| CVE-2025-68951 | phpMyFAQ has stored XSS in admin "List of users" via display_name HTML entity decoding (html_entity_decode) + Twig \|raw | phpMyFAQ | CWE-79 | 5.4 | Medium | 2025-12-29 |
| CVE-2025-62519 | phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality | phpMyFAQ | CWE-89 | 7.2 | High | 2025-11-17 |
| CVE-2025-59943 | phpMyFAQ duplicate email registration allows multiple accounts with the same email | phpMyFAQ | CWE-286 | 8.1 | High | 2025-10-03 |
| CVE-2024-56199 | phpMyFAQ Vulnerable to Stored HTML Injection at FAQ | phpMyFAQ | CWE-79 | 5.2 | Medium | 2025-01-02 |
| CVE-2024-55889 | phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames | phpMyFAQ | CWE-451 | 4.9 | Medium | 2024-12-13 |
| CVE-2024-54141 | phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available | phpMyFAQ | CWE-209 | 8.6 | High | 2024-12-06 |
| CVE-2024-29196 | phpMyFAQ Path Traversal in Attachments | phpMyFAQ | CWE-22 | 3.8 | Low | 2024-03-26 |
| CVE-2024-29179 | phpMyFAQ Stored Cross-site Scripting at File Attachments | phpMyFAQ | CWE-79 | 4.8 (AI) | Medium (AI) | 2024-03-25 |
| CVE-2024-28108 | phpMyFAQ Stored HTML Injection at contentLink | phpMyFAQ | CWE-79 | 4.7 | Medium | 2024-03-25 |
| CVE-2024-28107 | phpMyFAQ SQL injections at insertentry & saveentry | phpMyFAQ | CWE-89 | 8.8 | High | 2024-03-25 |
| CVE-2024-28106 | phpMyFAQ Stored XSS at FAQ News Content | phpMyFAQ | CWE-79 | 4.3 | Medium | 2024-03-25 |
| CVE-2024-28105 | phpMyFAQ's File Upload Bypass at Category Image Leads to RCE | phpMyFAQ | CWE-434 | 7.2 | High | 2024-03-25 |
| CVE-2024-27300 | phpMyFAQ Stored XSS at user email | phpMyFAQ | CWE-79 | 5.5 | Medium | 2024-03-25 |
| CVE-2024-27299 | phpMyFAQ SQL Injection at "Save News" | phpMyFAQ | CWE-89 | 8.8 | High | 2024-03-25 |
| CVE-2024-24574 | phpMyFAQ vulnerable to stored XSS on attachments filename | phpMyFAQ | CWE-79 | 6.5 | Medium | 2024-02-05 |
| CVE-2024-22208 | phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes | phpMyFAQ | CWE-863 | 6.5 | Medium | 2024-02-05 |
| CVE-2024-22202 | User Removal Page Allows Spoofing Of User Details | phpMyFAQ | CWE-284 | 5.7 | Medium | 2024-02-05 |
| CVE-2023-6889 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq | thorsten/phpmyfaq | CWE-79 | 5.4 | - | 2023-12-16 |
| CVE-2023-6890 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq | thorsten/phpmyfaq | CWE-79 | 5.4 | - | 2023-12-16 |
| CVE-2023-5866 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq | thorsten/phpmyfaq | CWE-614 | 5.3 | - | 2023-10-31 |

This page lists every published CVE security advisory associated with thorsten. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.