Lucene search
K

133 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-36380

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00373EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-46557

Malicious code in bioql PyPI...

6.4CVSS5.3AI score0.00634EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-27034

Malicious code in bioql PyPI...

8.7CVSS6.4AI score0.00398EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-27042

Malicious code in bioql PyPI...

6.3CVSS6AI score0.00429EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/06/05 12:0 a.m.13 views

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to execute arbitrary code.

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

4.3CVSS5.9AI score0.13093EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/22 1:32 p.m.9 views

CVE-2014-8301

Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header...

4.3CVSS5.9AI score0.00942EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:30 p.m.8 views

CVE-2014-8302

Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard...

3.5CVSS5.8AI score0.00759EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:23 a.m.4 views

CVE-2015-6515

Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header...

4.3CVSS5.9AI score0.0136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:15 a.m.8 views

CVE-2014-5197

Directory traversal vulnerability in 1 Splunk Web or the 2 Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. dot dot in a URI, related to search ids...

4CVSS6.5AI score0.02217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:15 a.m.10 views

CVE-2014-5198

Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.3 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header...

4.3CVSS5.8AI score0.01773EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:42 a.m.8 views

CVE-2015-7604

Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.0095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:0 a.m.11 views

CVE-2014-8303

Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4 and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to event parsing...

4.3CVSS5.8AI score0.01351EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/26 12:0 a.m.7 views

The vulnerability in the Splunk Web platform for operational analysis of Splunk Enterprise’s web interface allows attackers to bypass security restrictions, increase their privileges, and execute arbitrary commands.

The vulnerability in the Splunk Web platform for operational analysis in Splunk Enterprise relates to insufficient protection of sensitive data when processing the /services/streams/search endpoint with the q parameter. Exploiting this vulnerability allows an attacker to bypass security...

6.8CVSS5.7AI score0.00434EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/03/31 12:0 a.m.8 views

The vulnerability in the web interface of the Splunk Web platform for operational analysis in Splunk Enterprise allows a attacker to perform a CSRF attack.

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack remotely...

7.8CVSS5.4AI score0.00218EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/10/30 12:0 a.m.6 views

The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...

5.5CVSS5.2AI score0.00355EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/10/24 12:0 a.m.5 views

The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise allows a attacker to perform a CSRF attack.

The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web page...

4.3CVSS5.4AI score0.00214EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/10/15 12:0 a.m.9 views

The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise allows a perpetrator to execute arbitrary code.

The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by writing a file to the Windows system’s root directory...

9CVSS6AI score0.01092EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/14 5:15 p.m.4 views

CVE-2024-45741

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...

5.4CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.4 views

PT-2024-7158 · Splunk · Splunk Cloud Platform +2

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise versions prior to 9.2.3 Splunk Enterprise versions prior to 9.1.6 Splunk Cloud Platform versions prior to 9.2.2403.108 Splunk Cloud Platform versions prior to 9.1.2312.204 Descriptio...

4.3CVSS7.3AI score0.00214EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2024/07/15 12:0 a.m.5 views

The vulnerability of the Bulletin Messages module in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the Bulletin Messages module in the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting...

5.5CVSS5.2AI score0.00302EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder