Lucene search
K

58 matches found

CVE
CVE
added 2026/06/10 5:16 p.m.24 views

CVE-2026-20259

CVE-2026-20259 affects Splunk Enterprise (below 10.2.4 and below 10.0.7) and Splunk Cloud Platform (below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, 9.3.2411.131). A user with the high-privilege capability edit_saved_search_owner can reassign saved search ownership to us...

5.5CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

Splunk Enterprise 权限许可和访问控制问题漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.37 views

CVE-2022-31155

Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only...

4.3CVSS6.9AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/03 12:29 p.m.17 views

CVE-2025-13109 HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query'

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woofaddquery" and "woofremovequery" functions due to missing validation on a user controlled key. This makes it...

4.3CVSS0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.5 views

WordPress plugin HUSKY 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.3AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48008

The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. This is due to the plugin storing the entire unsanitized $ GET superglobal array directly into the database via update user meta when users save search...

6.1CVSS5.2AI score0.00219EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.9 views

PT-2025-46680

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1 Splunk Enterprise versions 9.2.9 through 9.4.5 Splunk Cloud Platform versions below 9.3.2411.116 Splunk Cloud Platform versions 9.3.2408.124 and below Splunk Cloud Platform versions below 10.0.2503.5...

3.5CVSS6.8AI score0.00246EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.5 views

Splunk Enterprise 9.2.0 < 9.2.9, 9.3.0 < 9.3.7, 9.4.0 < 9.4.5, 10.0.0 < 10.0.1 (SVD-2025-1102)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1102 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116,...

3.5CVSS5.8AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-10653

Malware in sbrugna...

5.3CVSS6.4AI score0.02256EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.31 views

EUVD-2022-52771

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00417EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/02 12:0 a.m.3 views

Splunk Enterprise 9.2.0 < 9.2.8, 9.3.0 < 9.3.6, 9.4.0 < 9.4.4 (SVD-2025-1003)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1003 advisory. - In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108,...

5.7CVSS5.9AI score0.00335EPSS
Exploits0References2
CVE
CVE
added 2025/10/01 4:8 p.m.14 views

CVE-2025-20368

CVE-2025-20368 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power roles) can craft a malicious payload via error messages and saved-search/job-inspector details, potentially causing unauthorized JavaScript execution in a user’s browser (XSS). Affected vers...

5.7CVSS6.5AI score0.00335EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/10/01 4:8 p.m.7 views

CVE-2025-20368 Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection...

5.7CVSS0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.5 views

Splunk Enterprise和Splunk Cloud Platform 跨站脚本漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A cross-site scripting vulnerability exists in...

5.7CVSS6.2AI score0.00335EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-43813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perfor...

8.8CVSS7.9AI score0.30915EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-29889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches...

8.1CVSS5.8AI score0.6296EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-9858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. A...

5.3CVSS6.2AI score0.02256EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.4 views

Splunk Cloud Platform和Splunk Enterprise 信息泄露漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. An information disclosure vulnerability exists...

5.7CVSS6AI score0.00435EPSS
Exploits0References1
OSV
OSV
added 2024/05/07 2:15 p.m.4 views

UBUNTU-CVE-2024-29889

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15...

8.1CVSS5.9AI score0.6296EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/07 2:5 p.m.18 views

CVE-2024-29889 GLPI contains an SQL injection through the saved searches

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15...

7.1CVSS7.5AI score0.6296EPSS
Exploits0References2
Rows per page
Query Builder