
17 matches found

OSV
added 2026/04/01 10:2 a.m. · 2 views

CLEANSTART-2026-FO41609 Security fixes for CVE-2025-48924, ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 8.19.12-r0, 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2

Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 5.3 · AI score 6.8 · EPSS 0.00099
Exploits: 0 · References: 20
OSV
added 2026/03/04 12:39 a.m. · 3 views

CLEANSTART-2026-EW93264 Security fixes for GHSA-4CX2-FC23-5WG6, GHSA-6XW4-3V39-52MM, GHSA-72QJ-48G4-5XGX, GHSA-MR3Q-G2MV-MR4Q, GHSA-P543-XPFM-54CP, GHSA-VC5P-V9HR-52MJ, GHSA-VQG5-3255-V292 applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2

Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

AI score 5.9
Exploits: 0 · References: 8
Positive Technologies
added 2025/10/08 12:0 a.m. · 8 views

PT-2025-41308

Name of the Vulnerable Software and Affected Versions: Kibana versions 8.18.8, 8.19.5, 9.0.8, and 9.1.5. Description: An issue exists in Kibana where improper neutralization of input during web page generation and improper validation of specified input types can lead to stored Cross-Site Scripting...

CVSS 8.7 · AI score 7.8 · EPSS 0.00028
Exploits: 0 · References: 17
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-21148

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.7 · EPSS 0.00229
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-14333

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 6.5 · EPSS 0.00322
Exploits: 1 · References: 2
OSV
added 2025/05/12 10:30 a.m. · 7 views

CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...

CVSS 8.4 · AI score 6.7 · EPSS 0.00322
Exploits: 1 · References: 4
OSV
added 2024/01/22 9:15 p.m. · 1 view

CVE-2024-23677

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file...

CVSS 5.3 · AI score 5.8
Exploits: 0 · References: 1
NVD
added 2024/01/22 9:15 p.m. · 10 views

CVE-2024-23676

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...

CVSS 4.6 · AI score 4.7 · EPSS 0.00155
Exploits: 0 · References: 2
Prion
added 2024/01/22 9:15 p.m. · 15 views

Code injection

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...

CVSS 3.5 · AI score 7 · EPSS 0.00155
Exploits: 0 · References: 2 · Affected Software: 2
Tenable Nessus
added 2024/01/22 12:0 a.m. · 45 views

Splunk Enterprise 9.0.0 < 9.0.8, 9.1.0 < 9.1.3 (SVD-2024-0108)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0108 advisory. - In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input dat...

CVSS 8.8 · AI score 8.1 · EPSS 0.00084
Exploits: 0 · References: 2
Tenable Nessus
added 2024/01/22 12:0 a.m. · 27 views

Splunk Enterprise 9.0.0 < 9.0.8, 9.1.0 < 9.1.3 (SVD-2024-0105)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0105 advisory. - In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for...

CVSS 6.5 · AI score 6.6 · EPSS 0.00069
Exploits: 0 · References: 2
Positive Technologies
added 2024/01/18 12:0 a.m. · 2 views

PT-2024-1283 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3 Description: The issue is related to the incorrect sanitization of path input data, resulting in the unsafe deserialization of untrusted data from a separate disk partition on the...

CVSS 8.8 · AI score 7.2 · EPSS 0.00084
Exploits: 0 · References: 14
Positive Technologies
added 2024/01/18 12:0 a.m. · 4 views

PT-2024-1272 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.8; Splunk Enterprise versions prior to 9.1.3. Description: The issue is related to improper handling of permissions for users that use the REST application programming interface (API) in the Splunk app key...

CVSS 6.8 · AI score 7.2 · EPSS 0.00069
Exploits: 0 · References: 11
UbuntuCve
added 2020/11/20 12:0 a.m. · 34 views

CVE-2020-13671

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...

CVSS 8.8 · AI score 7.2 · EPSS 0.02599
Exploits: 0 · References: 6
Microsoft KB
added 2019/10/08 7:0 a.m. · 27 views

Service Update 0.9 for Microsoft Dynamics 365 9.0

Service Update 0.9 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.8 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.8. MORE INFORMATION Update package| Version number ---|--- Servi...

CVSS 5.4 · AI score 6.1 · EPSS 0.00934
Exploits: 0
NVD
added 2019/03/21 4:0 p.m. · 12 views

CVE-2018-16519

COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets...

CVSS 6.1 · AI score 6.1 · EPSS 0.0155
Exploits: 2 · References: 4
OpenVAS
added 2018/05/22 12:0 a.m. · 675 views

Apache Tomcat 'CORS Filter' Setting Security Bypass Vulnerability

Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

CVSS 9.8 · AI score 8.8 · EPSS 0.61164
Exploits: 0 · References: 4