Lucene search
K

1959 matches found

NVD
NVD
added 2026/05/20 6:16 p.m.19 views

CVE-2026-20239

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS0.00485EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 4:32 p.m.52 views

CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS0.00485EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 4:32 p.m.12 views

CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 4:32 p.m.29 views

CVE-2026-20239

CVE-2026-20239 affects Splunk products: Splunk Enterprise (versions below 10.2.2 and 10.0.5) and Splunk Cloud Platform (below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13). A user with access to the _internal index could view session cookies and response bodies containing sensitive d...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 4:32 p.m.10 views

CVE-2026-20239

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/05/20 4:32 p.m.17 views

EUVD-2026-31139

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.10 views

PT-2026-42212

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.11 views

Splunk Enterprise 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0503)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0503 advisory. - In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11,...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 9:52 p.m.13 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.7AI score0.00254EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/19 2:46 p.m.14 views

Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover

Summary A stored cross-site scripting XSS vulnerability exists in HAX CMS due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the conte...

9.3CVSS5.9AI score0.0023EPSS
Exploits0References3Affected Software3
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.10 views

CVE-2026-45228

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 4:17 p.m.59 views

CVE-2026-44511 Katalyst Koi: Session cookies can be replayed after user logout

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:17 p.m.7 views

CVE-2026-44511

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/14 4:17 p.m.30 views

CVE-2026-44511

Katalyst Koi (Rails admin framework) had a session-cookie handling flaw: before versions 4.20.0 and 5.6.0, admin session cookies were not invalidated at logout, allowing an attacker with a valid cookie to access admin functionality after logout until expiration or rotation. Affected versions incl...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/14 9:16 a.m.17 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.7AI score0.00254EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/13 9:32 p.m.12 views

EUVD-2026-30173

Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...

5.4CVSS5.8AI score0.00183EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/11 1:48 p.m.12 views

CVE-2022-50943

A flaw was found in Moodle LMS. An unauthenticated attacker can exploit a cross-site scripting XSS vulnerability by submitting malicious payloads through the search parameter. This allows the attacker to inject JavaScript code, leading to the execution of arbitrary scripts in users' browsers and...

6.1CVSS5.8AI score0.00331EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/10 3:31 p.m.19 views

EUVD-2022-55968

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...

6.1CVSS6AI score0.00331EPSS
Exploits1References5
NVD
NVD
added 2026/05/10 1:16 p.m.49 views

CVE-2022-50943

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...

6.1CVSS0.00331EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/10 12:12 p.m.11 views

CVE-2022-50943 Moodle LMS 4.0 Cross-Site Scripting via course search.php

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...

6.1CVSS6AI score0.00331EPSS
Exploits1References4
Rows per page
Query Builder