19 matches found
CVE-2026-20137
In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...
Splunk Enterprise 9.2.0 < 9.2.9, 9.3.0 < 9.3.7, 9.4.0 < 9.4.5, 10.0.0 < 10.0.3 (SVD-2026-0202)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0202 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below...
CVE-2024-20137
In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727...
CVE-2022-20137
In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Produc...
CVE-2025-20137
A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL a...
CVE-2025-20137
A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL a...
CVE-2023-20137
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers are affected by cross-site scripting (XSS) in the web-based management interface due to insufficient input validation. The vulnerability can be exploited by an unauthenticated, remote attacker who sends crafted HTTP reques...
CVE-2017-20137
A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql...
CVE-2017-20137
CVE-2017-20137 affects Itech B2B Script 4.28. A SQL injection vulnerability exists in the handling of /catcompany.php, triggered by crafting input such as 704667c6a1e7ce56d3d6fa748ab6d9af3fd7’ AND 6539=6539 AND ’Fakj’=’Fakj. The issue is exploitable remotely and the exploit has been disclosed pub...
CVE-2017-20137 Itech B2B Script catcompany.php sql injection
A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql...
CVE-2022-20137
creationtimestamp | type | source
---|---|---
2022-06-15 16:20:04+00:00 | seen | https://t.me/cibsecurity/44483...
CVE-2022-20137
In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Produc...
CVE-2022-20137
CVE-2022-20137 affects Android 12/Android 12L. The issue resides in NetworkProviderSettings.java onCreateContextMenu, where a missing permission check could allow a non-owner user to change WiFi settings, enabling local elevation of privilege. Exploitation requires user interaction, and the impac...
CVE-2021-20137
creationtimestamp | type | source
---|---|---
2021-12-09 18:24:08+00:00 | seen | https://t.me/cibsecurity/33700
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-20137.yaml...
CVE-2021-20137
A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution...
CVE-2021-20137
Gryphon Tower router web interface is affected by a reflected XSS in the URL parameter of /cgi-bin/luci/site_access/. An attacker can lure a user to a crafted link, causing JavaScript execution in the victim’s browser. The connected nuclei template confirms the impact; remediation is to upgrade t...
CVE-2021-20137
A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution...
CVE-2018-20137
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI...
CVE-2018-20137
CVE-2018-20137 affects FUEL CMS 1.4.3. The vulnerability is a cross-site scripting flaw exposed in page data management, specifically via the Page title, Meta description, or Meta keywords in the pages/edit/1?lang=english URI. The connected documents confirm the issue but do not provide a fix or ...