CVE-2025-20386 Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine...

CVE-2024-7577

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product...

CVE-2023-49238

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation in certain installation scenarios because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in befor...

PT-2020-5779 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to the is blog installed function in wp-includes/functions.php, which improperly checks if WordPress is already installed. This could allow a remote attacker to perform a new...

Directory traversal

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...