999 matches found
CVE-2026-20239
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...
Splunk Cloud Platform和Splunk Enterprise 日志信息泄露漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Versions of Splunk Enterprise prior t...
Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...
MAL-2026-3876 Malicious code in @antv/dw-random (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
GHSA-RC8C-94M4-FRFH vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...
GHSA-JG3H-4JH8-MFWR vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...
CVE-2026-43100 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...
CVE-2026-43098 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...
GHSA-R5QW-5M8Q-6774 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...
GHSA-H53C-6597-VMFW vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...
GHSA-585P-9MG2-6VMM vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...
CVE-2026-43099 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...
CVE-2026-31592 vulnerabilities
Vulnerabilities for packages: linux-gcp, linux-qemu, linux-azure, linux-vmware, linux-aws...
CVE-2026-44479
Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, hen the Vercel CLI runs in non-interactive mode --non-interactive or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads with suggested follow-up commands. If the us...
Claris FileMaker Cloud 安全漏洞
Claris FileMaker Cloud is a cloud platform provided by the American company Claris, designed for enterprise-level low-code database application development and hosting scenarios. Versions of Claris FileMaker Cloud prior to 2.22.0.5 contained security vulnerabilities. These vulnerabilities stemmed...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...
GHSA-GR3R-CRP5-QRRM Compromised tag of intercom-php published via GitHub
Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...
GHSA-2MH5-3CW6-HRRQ Spring Cloud Config has an Authorization Bypass Through User-Controlled Key
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
CVE-2026-40981
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
CVE-2026-40981
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...