45 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Boards API when file ownership and access control are not properly validated. An attacker can gain unauthorized access to and download files belonging to other users or teams by...
CVE-2026-23861
Dell Unisphere for PowerMax vApp, versions 9.2.4.x, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML o...
CVE-2026-26357
Dell Unisphere for PowerMax, versions 9.2.4.x, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or...
CVE-2026-23861
CVE-2026-23861 affects Dell Unisphere for PowerMax vApp, 9.2.4.x. It is a Cross-site Scripting vulnerability caused by improper neutralization of input during web page generation. A low-privilege, remote attacker could inject malicious HTML/JavaScript into the victim’s browser within the vulnerab...
PT-2026-20353
Name of the Vulnerable Software and Affected Versions: Dell Unisphere for PowerMax versions 9.2.4.x. Description: Dell Unisphere for PowerMax versions 9.2.4.x contain an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site Scripting. A low privileged attacker...
PT-2026-20313
Name of the Vulnerable Software and Affected Versions: Dell Unisphere for PowerMax vApp versions 9.2.4.x. Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, also known as Cross-site Scripting. A low privileged attacker with remote access could...
Dell Unisphere for PowerMax Cross-Site Scripting Vulnerability
Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. Version 9.2.4.x of Dell Unisphere for PowerMax contains a cross-site scripting vulnerability, which arises from improper input handling and may lead to cross-site scripting attacks...
Allocation of Resources Without Limits or Throttling
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the bulk retrieval endpoint. An attacker can exhaust system memory and...
Allocation of Resources Without Limits or Throttling
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Fleet module. An attacker can cause excessive consumption of system...
Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-05)
External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector (ESA-2026-05). External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially...
Dell Unisphere for PowerMax Code Issue Vulnerability
Dell Unisphere for PowerMax is a graphical management platform from Dell USA. A code issue vulnerability exists in Dell Unisphere for PowerMax version 9.2.4.x. The vulnerability stems from improperly restricting references to XML external entities, which could lead to unauthorized access to data...
Linux Distros Unpatched Vulnerability : CVE-2022-39328
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the...
Linux Distros Unpatched Vulnerability : CVE-2024-31309
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2...
Linux Distros Unpatched Vulnerability : CVE-2023-38522
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for...
PT-2024-9365 · Splunk · Splunk Secure Gateway App +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.2; Splunk Enterprise versions prior to 9.2.4; Splunk Enterprise versions prior to 9.1.7; Splunk Secure Gateway app versions prior to 3.4.261; Splunk Secure Gateway app versions prior to 3.7.13. Description:...
CVE-2023-38522
Summary (CVE-2023-38522) : Apache Traffic Server is affected by an incomplete validation of HTTP field names, allowing malformed requests to be forwarded to origin servers. This can enable request smuggling and potentially cache poisoning if the origin is vulnerable. Affected versions include 8.0...
GHSA-2X6G-H2HG-RQ84 Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download...
Grafana Email addresses and usernames can not be trusted
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes moderate severity security fixes for CVE-2022-39306. We are also releasing security patches for Grafana 8.5.15 to fix these issues. Release 9.2.4, latest patch, also containing security fix: - Download...