302021 matches found
CVE-2026-20254
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that...
CVE-2026-11685
An insufficient data validation flaw was found in the MediaCapture component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517183713...
RLSA-2026:25052 Moderate: mysql:8.4 security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026...
keycloak-rhel9: Organization Data Leak After Feature Disabled in Keycloak
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.6.3 Update
New Red Hat build of Keycloak 26.6.3 packages are available from the Customer Portal Red Hat build of Keycloak 26.6.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...
Malicious code in hello-dynamic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...
MAL-2026-5518 Malicious code in hello-dynamic (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 168dd7abca8ed812dcfb0119eaf80a2b05b186ee37a1e0c8f98e88f884a90602 Package attempts to test exploitation via legacy dependencylinks configuration --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages,...
CVE-2026-46612
Fission StorageSvc exposes archive CRUD endpoints (/v1/archive and /v1/archives) on the HTTP router without authentication prior to v1.23.0, allowing any caller within the same Kubernetes cluster to enumerate archive IDs, download archives from other tenants, upload arbitrary content, and delete ...
CVE-2026-20257
CVE-2026-20257 affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privileged user without admin/power roles can craft a classic dashboard that exfiltrates sensitive data from the...
CVE-2026-20251 Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or...
CVE-2026-20255 Improper Input Validation through Classic Dashboards in Splunk Enterprise
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...
EUVD-2026-36083
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...
CVE-2026-20251
CVE-2026-20251 affects Splunk Enterprise (versions below 10.2.4/10.0.7/9.4.12/9.3.13), Splunk Cloud Platform (below 10.3.2512.12/10.2.2510.14/10.1.2507.22/9.3.2411.132), and Splunk Secure Gateway (below 3.10.6/3.9.20/3.8.67). A low-privileged user (not admin/power) can achieve Remote Code Executi...
CVE-2026-20251 Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or...
CVE-2026-20255
The CVE-2026-20255 issue affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privilege user can craft a malicious classic dashboard to exfiltrate sensitive data to an external ser...
CVE-2026-20256
Splunk Enterprise (versions < 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (versions
EUVD-2026-36080
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...
CVE-2026-20256 Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...
Malicious code in requests-toolbelt-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...
MAL-2026-5519 Malicious code in requests-toolbelt-plus (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...