thorsten

Top products

The 15 most recently published vulnerabilities affecting thorsten.

• CVE-2026-49205phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)6.5Jun 18, 2026
• CVE-2026-35676phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint8.2May 28, 2026
• CVE-2026-35675phpMyFAQ - Authentication Bypass via Missing Password Reset Token in /api/user/password/update8.2May 28, 2026
• CVE-2026-35672phpMyFAQ - Authentication Bypass via Empty API Token7.5May 28, 2026
• CVE-2026-35671phpMyFAQ - Insecure Direct Object Reference in User Password API8.8May 28, 2026
• CVE-2026-46367phpMyFAQ - Stored XSS via Utils::parseUrl() in Comment Rendering7.6May 15, 2026
• CVE-2026-46366phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass7.5May 15, 2026
• CVE-2026-46365phpMyFAQ - Missing Authorization in Tag Deletion Endpoint5.4May 15, 2026
• CVE-2026-46364phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha9.8May 15, 2026
• CVE-2026-46363phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Decode Bypass5.4May 15, 2026
• CVE-2026-46362phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check6.5May 15, 2026
• CVE-2026-46361phpMyFAQ - Stored Cross-Site Scripting via raw Filter in search.twig6.9May 15, 2026
• CVE-2026-46360phpMyFAQ - Stored XSS via Entity Decoding Depth Limit Bypass in SVG Sanitizer5.4May 15, 2026
• CVE-2026-46359phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields7.5May 15, 2026
• CVE-2026-45010phpMyFAQ - Unauthenticated Two-Factor Authentication Brute-Force via /admin/check Endpoint9.1May 15, 2026