phpmyfaq/phpmyfaq vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| GHSA-985R-Q3QP-299H | High | thorsten/phpmyfaq: phpMyFAQ has an incomplete fix for GHSA-xvp4-phqj-cjr3 — editUser() and updateUserRights() lack… |
| CVE-2026-49205 | Medium | thorsten/phpmyfaq: phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix) |
| CVE-2026-48488 | Low | thorsten/phpmyfaq: phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing |
| CVE-2026-35675 | High | thorsten/phpmyfaq: phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration |
| CVE-2026-35672 | High | thorsten/phpmyfaq: phpMyFAQ: Default Empty API Token Authentication Bypass |
| CVE-2026-35671 | High | thorsten/phpmyfaq: phpMyFAQ: IDOR Account Takeover |
| CVE-2026-35676 | High | thorsten/phpmyfaq: phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password… |
| CVE-2026-46364 | Critical | thorsten/phpmyfaq: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha |
| CVE-2026-45008 | Medium | thorsten/phpmyfaq: phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by… |
| CVE-2026-46366 | High | thorsten/phpmyfaq: phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query |
| CVE-2026-46359 | High | thorsten/phpmyfaq: phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields |
| CVE-2026-45010 | Critical | thorsten/phpmyfaq: phpMyFAQ enables unauthenticated 2FA brute-force attack via /admin/check acceptance of arbitrary… |
| CVE-2026-45009 | Medium | thorsten/phpmyfaq: phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient… |
| CVE-2026-46361 | Medium | phpmyfaq/phpmyfaq: phpMyFAQ has stored XSS via \| raw Filter in search.twig — html_entity_decode(strip_tags()) Bypass… |
| CVE-2026-45007 | Medium | thorsten/phpmyfaq: phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints… |
| CVE-2026-46360 | Medium | phpmyfaq/phpmyfaq: phpMyFAQ has a SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS |
| CVE-2026-46363 | Medium | phpmyfaq/phpmyfaq: phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes()… |
| GHSA-7CX3-2QX2-3G6W | Medium | phpmyfaq/phpmyfaq: phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags |
| CVE-2026-46362 | Medium | phpmyfaq/phpmyfaq: phpMyFAQ has an Authorization Bypass in All Admin Pages Due to Non-Terminating Permission Check |
| CVE-2026-46367 | High | thorsten/phpmyfaq: phpMyFAQ has stored XSS via Utils::parseUrl() in comment rendering |
| CVE-2026-34729 | Medium | phpmyfaq/phpmyfaq: phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() |
| CVE-2026-34728 | High | phpmyfaq/phpmyfaq: phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController |
| CVE-2026-32629 | Medium | thorsten/phpmyfaq: phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor |
| CVE-2026-24422 | Medium | phpmyfaq/phpmyfaq: phpMyFAQ: Public API endpoints expose emails and invisible questions |
| CVE-2026-24421 | Medium | phpmyfaq/phpmyfaq: phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing) |
