
10 matches found

Positive Technologies
added 2026/04/15 12:0 a.m., 3 views

PT-2026-33067

Name of the Vulnerable Software and Affected Versions: Splunk MCP Server app versions prior to 1.0.3. Description: A user with a role that has access to the Splunk internal index or the high-privilege capability mcp tool admin can view user session and authorization tokens in clear text. This issue...

CVSS 7.2 | AI score 6 | EPSS 0.00056 | Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-7199

Malware in sbrugna...

CVSS 5.5 | AI score 5.1 | EPSS 0.00188 | Exploits 0 | References 2
RedhatCVE
added 2025/02/04 11:9 p.m., 3 views

CVE-2024-0795

If an attacker was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacker from creating a new user with an admin role and then be able to use this new account to have elevated privileges on the instance...

CVSS 7.2 | AI score 7 | EPSS 0.00557 | Exploits 1 | References 1
NVD
added 2024/02/21 11:15 p.m., 7 views

CVE-2024-26148

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 6.1 | AI score 6.2 | EPSS 0.00317 | Exploits 0 | References 3
OSV
added 2024/02/21 10:35 p.m., 10 views

CVE-2024-26148 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 6.1 | AI score 6 | EPSS 0.00317 | Exploits 0 | References 5
Cvelist
added 2024/02/21 10:35 p.m., 11 views

CVE-2024-26148 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 6.1 | AI score 6.3 | EPSS 0.00317 | Exploits 0 | References 3
Vulnrichment
added 2024/02/21 10:35 p.m., 10 views

CVE-2024-26148 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 6.1 | AI score 6.4 | EPSS 0.00317 | Exploits 0 | References 3
Tenable Nessus
added 2022/12/02 12:0 a.m., 38 views

ManageEngine SupportCenter Plus < 11.0 Build 11026 Multiple Vulnerabilities

The version of ManageEngine SupportCenter Plus prior to 11.0 Build 11026 is running on the remote web server. It is, therefore, affected by multiple vulnerabilities, including the following: - A remote code execution vulnerability due to a flaw in the Analytics Plus integration input field...

CVSS 7.2 | AI score 7 | EPSS 0.65998 | Exploits 0 | References 5
Vulnrichment
added 2022/11/28 1:47 p.m., 3 views

CVE-2022-3848 WP User Merger < 1.5.3 - Admin+ SQLi via wpsu_user_id

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

AI score 7.5 | EPSS 0.00531 | Exploits 1 | References 2
Vulnrichment
added 2022/04/13 5:6 p.m., 9 views

CVE-2022-1332 Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents

One of the APIs in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents...

CVSS 4.3 | AI score 4.6 | EPSS 0.00129 | Exploits 0 | References 1