Lucene search
K

60 matches found

NVD
NVD
added 2026/06/17 6:17 p.m.11 views

CVE-2026-20265

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3CVSS0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 12:32 a.m.8 views

EUVD-2026-36139

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:17 p.m.8 views

CVE-2026-53738

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.30 views

CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.20 views

CVE-2026-53738

CVE-2026-53738 affects the WordPress plugin Copy & Delete Posts, up to version 1.5.4. The vulnerability stems from the cdp_action_handling AJAX handler, where any plugin-enabled non-admin role can invoke every operation, bypassing per-function capability checks. This enables attackers with an ena...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.10 views

PT-2026-48552

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp action handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.6 views

CVE-2026-34246

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS5.4AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 10:16 p.m.22 views

CVE-2026-34246

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS0.00216EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 9:18 p.m.15 views

CVE-2026-34246

CtrlPanel CVE-2026-34246 affects versions 1.1.1 and earlier. The vulnerability is a Stored XSS in the admin role management interface where datatable() inserts $role->name and $role->color directly into HTML and a .rawColumns(['actions','name']) setting disables automatic escaping. An admin...

4.8CVSS5.8AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 9:18 p.m.15 views

EUVD-2026-30986

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS5.8AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 7:54 p.m.17 views

EUVD-2026-30615

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

8.1CVSS5.7AI score0.00284EPSS
Exploits1References1
NVD
NVD
added 2026/04/15 4:16 p.m.11 views

CVE-2026-20203

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on...

4.3CVSS0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 3:17 p.m.3 views

CVE-2026-20205

In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk internal index or possesses the high-privilege capability mcptooladmin could view users session and authorization tokens in clear text. The vulnerability would require either local access to the log...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 3:17 p.m.1 views

CVE-2026-20203

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/03/04 6:31 p.m.11 views

EUVD-2026-9426

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

4.9CVSS6AI score0.00281EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 6:16 p.m.7 views

CVE-2026-20001

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

6.5CVSS0.00324EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 5:18 p.m.3 views

CVE-2026-20003

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

4.9CVSS6AI score0.00281EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/04 5:18 p.m.10 views

CVE-2026-20003

Cisco Secure FMC Software’s REST API vulnerability enables authenticated remote SQL injection due to insufficient input validation. An attacker with valid credentials (Administrator, Security approver, Intrusion admin, Access admin, Network admin) could send crafted requests to read the database ...

4.9CVSS6AI score0.00281EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 5:3 p.m.12 views

CVE-2026-20001

CVE-2026-20001 affects Cisco Secure FMC Software REST API. An authenticated, remote attacker with privileged user roles (Administrator, Security approver, Access admin, Network admin) can exploit inadequate input validation to perform SQL injection, potentially reading the database and certain OS...

6.5CVSS6AI score0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.14 views

PT-2026-22967

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

4.9CVSS6AI score0.00281EPSS
Exploits0References1
Rows per page
Query Builder