PT-2026-39161

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

CVE-2025-20388

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...

CVE-2025-20388

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...

PT-2025-48960

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116 Description A user with a role containing the change authentication high privilege capabili...

EUVD-2025-32028

Malicious code in bioql PyPI...

CVE-2025-20370

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability changeauthentication, could send multiple LDAP bind requests to a specific...

CVE-2025-20370

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability changeauthentication, could send multiple LDAP bind requests to a specific...

CVE-2025-20370

Summary (CVE-2025-20370) : Splunk Enterprise releases older than 10.0.1 and certain 9.x versions, plus Splunk Cloud Platform releases below specific 9.3.24xx/9.2.24xx builds, are affected. A user with the high-privilege capability change_authentication can send multiple LDAP bind requests to an i...

CVE-2025-43863

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...

CVE-2013-0300

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that 1 change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary 2 Google Drive or 3 Dropbox...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that 1 change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary 2 Google Drive or 3 Dropbox...