Information Disclosure in Confluence Data Center

This High severity Information Disclosure vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

EUVD-2026-14982

Astro: Unauthenticated Path Override via x-astro-path / xastropath...

CVE-2026-33768

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

Unintended Proxy or Intermediary ('Confused Deputy')

Overview @astrojs/vercel is a Deploy your site to Vercel Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the x-astro-path header or xastropath query parameter, which allows overriding internal request paths without authentication. An...

CVE-2026-33768

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

CVE-2026-33768

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

PT-2026-27487

Name of the Vulnerable Software and Affected Versions Astro versions prior to 10.0.2 Description Astro, a web framework, contains a flaw in the @astrojs/vercel serverless entrypoint. Versions prior to 10.0.2 do not authenticate requests using the x-astro-path header or x astro path query paramete...

CVE-2026-2954

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...

CVE-2026-2954

Dromara UJCMS 10.0.2 is affected in the ImportDataController.importChanel (file /api/backend/ext/import-data/import-channel). The root cause is injection via manipulation of the arguments driverClassName and url, enabling remote exploitation. Public exploit details exist. Red Hat and PT-Security ...

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.The Monitoring...

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring...

CVE-2025-14840

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1...

MAL-2025-192259 Malicious code in unified11 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da60b6c513002dadf0ea32c3293c0c1f0e73d8db20f85baf9b207fff1311569 The package unified11 was found to contain malicious code. Source: ghsa-malware 0234999818b5c6447b46c2551778c8daea15a41767afd1270af691c637d8ea9d Any...

CVE-2025-20387 Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...

CVE-2025-20386 Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine...

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10, which stems from improperly assigned permissions during installation or upgrade,...

PT-2025-48957

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117 Description A user with the admin all objects privilege capability could potentially execut...

Improper Authorization Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-41248

This High severity vulnerability known as CVE-2025-41248 was introduced in 10.0.0 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends that Bitbucket Data Center and Server customers...

CVE-2025-49042

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through = 10.0.2...

WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by savphill in WordPress Plugin WooCommerce versions = 10.0.2...