In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation...
8.1CVSS
7.9AI Score
0.001EPSS
In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the userβs machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...
6.1CVSS
6.2AI Score
0.001EPSS
An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL...
9.8CVSS
9.8AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary...
5.9AI Score
0.0004EPSS
Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain...
7.6AI Score
0.005EPSS