Package impact

COMPOSER / phpMyFAQ/phpMyFAQ

CVE	Severity	CVSS	Risk	Published	Description
CVE-2026-45008	medium	6.5	6.5	12d ago	phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins
CVE-2026-46360	medium	5.4	5.4	12d ago	phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS
CVE-2026-46363	medium	5.4	5.4	12d ago	phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization
CVE-2026-46365	medium	5.4	5.4	12d ago	phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags
CVE-2026-45009	medium	4.3	4.3	12d ago	phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check