thorsten — Vulnerabilities & Security Advisories 115

Browse all 115 CVE security advisories affecting thorsten. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Thorsten operates as a specialized software solution, primarily serving enterprise environments with core functionalities centered around data management and workflow automation. Security audits have identified ninety-six Common Vulnerabilities and Exposures (CVEs) associated with the platform, indicating a significant historical attack surface. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation flaws, which have frequently allowed unauthorized actors to gain administrative control or inject malicious scripts. These issues often stem from insufficient input validation and improper access control mechanisms within the application’s architecture. While no single catastrophic incident has been widely publicized as a defining event, the cumulative volume of disclosed CVEs suggests persistent challenges in patch management and secure coding practices. Organizations utilizing Thorsten must prioritize rigorous vulnerability scanning and timely updates to mitigate the risk of exploitation inherent in its known defect profile.

Top products by thorsten: thorsten/phpmyfaq phpMyFAQ
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-49205 | phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix) | phpMyFAQ | CWE-862 | 6.5 | Medium | 2026-06-18 |
| CVE-2026-48488 | phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing | phpMyFAQ | CWE-328 | - | - | 2026-06-08 |
| CVE-2026-35676 | phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint | phpMyFAQ | CWE-640 | 8.2 | High | 2026-05-28 |
| CVE-2026-35675 | phpMyFAQ - Authentication Bypass via Missing Password Reset Token in /api/user/password/update | phpMyFAQ | CWE-307 | 8.2 | High | 2026-05-28 |
| CVE-2026-35672 | phpMyFAQ - Authentication Bypass via Empty API Token | phpMyFAQ | CWE-1188 | 7.5 | High | 2026-05-28 |
| CVE-2026-35671 | phpMyFAQ - Insecure Direct Object Reference in User Password API | phpMyFAQ | CWE-266 | 8.8 | High | 2026-05-28 |
| CVE-2026-46367 | phpMyFAQ - Stored XSS via Utils::parseUrl() in Comment Rendering | phpmyfaq | CWE-79 | 7.6 | High | 2026-05-15 |
| CVE-2026-46366 | phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass | phpmyfaq | CWE-863 | 7.5 | High | 2026-05-15 |
| CVE-2026-46365 | phpMyFAQ - Missing Authorization in Tag Deletion Endpoint | phpmyfaq | CWE-862 | 5.4 | Medium | 2026-05-15 |
| CVE-2026-46364 | phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha | phpmyfaq | CWE-89 | 9.8 | Critical | 2026-05-15 |
| CVE-2026-46363 | phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Decode Bypass | phpmyfaq | CWE-79 | 5.4 | Medium | 2026-05-15 |
| CVE-2026-46362 | phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check | phpmyfaq | CWE-863 | 6.5 | Medium | 2026-05-15 |
| CVE-2026-46361 | phpMyFAQ - Stored Cross-Site Scripting via raw Filter in search.twig | phpmyfaq | CWE-79 | 6.9 | Medium | 2026-05-15 |
| CVE-2026-46360 | phpMyFAQ - Stored XSS via Entity Decoding Depth Limit Bypass in SVG Sanitizer | phpmyfaq | CWE-79 | 5.4 | Medium | 2026-05-15 |
| CVE-2026-46359 | phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields | phpmyfaq | CWE-89 | 7.5 | High | 2026-05-15 |
| CVE-2026-45010 | phpMyFAQ - Unauthenticated Two-Factor Authentication Brute-Force via /admin/check Endpoint | phpmyfaq | CWE-307 | 9.1 | Critical | 2026-05-15 |
| CVE-2026-45009 | phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints | phpmyfaq | CWE-863 | 4.3 | Medium | 2026-05-15 |
| CVE-2026-45008 | phpMyFAQ - Path Traversal in Client::deleteClientFolder via URL Parameter | phpmyfaq | CWE-73 | 6.5 | Medium | 2026-05-15 |
| CVE-2026-45007 | phpMyFAQ - Missing Permission Check on 12 Configuration API Endpoints Allows Information Disclosure | phpmyfaq | CWE-862 | 4.3 | Medium | 2026-05-15 |
| CVE-2026-34974 | phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation | phpMyFAQ | CWE-79 | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34973 | phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure | phpMyFAQ | CWE-943 | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34729 | phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() | phpMyFAQ | CWE-79 | 6.1 | Medium | 2026-04-02 |
| CVE-2026-34728 | phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController | phpMyFAQ | CWE-22 | 8.7 | High | 2026-04-02 |
| CVE-2026-32629 | phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor | phpMyFAQ | CWE-20 | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-27836 | phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint | phpMyFAQ | CWE-862 | 7.5 | High | 2026-02-27 |
| CVE-2026-24422 | phpMyFAQ: Public API endpoints expose emails and invisible questions | phpMyFAQ | CWE-200 | 5.3 | Medium | 2026-01-24 |
| CVE-2026-24420 | phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) | phpMyFAQ | CWE-284 | 6.5 | Medium | 2026-01-24 |
| CVE-2026-24421 | phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user | phpMyFAQ | CWE-862 | 6.5 | Medium | 2026-01-24 |
| CVE-2025-69200 | phpMyFAQ has unauthenticated config backup download via /api/setup/backup | phpMyFAQ | CWE-202 | 7.5 | High | 2025-12-29 |
| CVE-2025-68951 | phpMyFAQ has stored XSS in admin "List of users" via display_name HTML entity decoding (html_entity_decode) + Twig \|raw | phpMyFAQ | CWE-79 | 5.4 | Medium | 2025-12-29 |

A dash in the CVSS or Severity column means no score was listed for that entry; values marked (AI) carried an "AI" badge on the original listing rather than an official score.

This page lists every published CVE security advisory associated with thorsten. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.