Package impact
Packagist / phpmyfaq/phpmyfaq
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-35671 | high | 8.8 | 8.8 | 1h ago | phpMyFAQ: IDOR Account Takeover | |
| CVE-2026-35676 | high | 8.2 | 8.2 | 1h ago | phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Att… | |
| CVE-2026-35675 | high | 8.2 | 8.2 | 1h ago | phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Email Enumeration | |
| CVE-2026-46367 | high | 7.6 | 7.6 | 13d ago | phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craf… | |
| CVE-2026-35672 | high | 7.5 | 7.5 | 1h ago | phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers c… | |