Lucene search
K

999 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/20 4:32 p.m.10 views

CVE-2026-20239

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

Splunk Cloud Platform和Splunk Enterprise 日志信息泄露漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Versions of Splunk Enterprise prior t...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.12 views

Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

6.5CVSS5.8AI score0.00396EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 12:0 a.m.13 views

MAL-2026-3876 Malicious code in @antv/dw-random (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
Chainguard
Chainguard
added 2026/05/16 1:18 a.m.9 views

GHSA-RC8C-94M4-FRFH vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/05/16 1:18 a.m.10 views

GHSA-JG3H-4JH8-MFWR vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/05/16 1:18 a.m.36 views

CVE-2026-43100 vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...

5.5CVSS6.1AI score0.00121EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/16 1:18 a.m.16 views

CVE-2026-43098 vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...

5.5CVSS6.1AI score0.00123EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/16 1:18 a.m.10 views

GHSA-R5QW-5M8Q-6774 vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/05/16 1:18 a.m.8 views

GHSA-H53C-6597-VMFW vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/05/16 1:18 a.m.10 views

GHSA-585P-9MG2-6VMM vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/05/16 1:18 a.m.13 views

CVE-2026-43099 vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...

7.5CVSS7.1AI score0.0049EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/16 1:18 a.m.14 views

CVE-2026-31592 vulnerabilities

Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...

5.5CVSS5.9AI score0.00122EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:36 p.m.5 views

CVE-2026-44479

Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Claris FileMaker Cloud 安全漏洞

Claris FileMaker Cloud is a cloud platform provided by the American company Claris, designed for enterprise-level low-code database application development and hosting scenarios. Versions of Claris FileMaker Cloud prior to 2.22.0.5 contained security vulnerabilities. These vulnerabilities stemmed...

7.2CVSS6AI score0.00461EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/11 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS
Exploits3References2
OSV
OSV
added 2026/05/07 4:48 p.m.3 views

GHSA-GR3R-CRP5-QRRM Compromised tag of intercom-php published via GitHub

Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

9.3CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/07 6:31 a.m.4 views

GHSA-2MH5-3CW6-HRRQ Spring Cloud Config has an Authorization Bypass Through User-Controlled Key

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS5.8AI score0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/07 3:55 a.m.78 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS0.00435EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:55 a.m.5 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS5.8AI score0.00435EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder