Lucene search
K

8709 matches found

CVE
CVE
added 2026/06/10 5:16 p.m.52 views

CVE-2026-20252

Splunk Enterprise and Splunk Cloud Platform are affected by CVE-2026-20252 due to an SSRF in Dashboard Studio PDF export. A low-privilege user (not admin/power role) can cause server-side requests to arbitrary internal destinations by abusing the PDF export feature. Root cause: trusted-domain val...

7.6CVSS5.6AI score0.00255EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 2:16 p.m.18 views

CVE-2026-49495

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS0.00151EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:36 p.m.11 views

EUVD-2026-36004

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 12:36 p.m.34 views

CVE-2026-49495 Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS0.00151EPSS
Exploits1References2
CVE
CVE
added 2026/06/10 12:36 p.m.88 views

CVE-2026-49495

Ghidra 10.2 before 12.1 contains an uncontrolled resource-consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie can cause unbounded queue growth and exponential...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/10 12:36 p.m.11 views

CVE-2026-49495 Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.10 views

Splunk Enterprise 服务端请求伪造漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There are code vulnerabilities in...

7.6CVSS6AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48406

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48492

🚨 CVE-2026-20252 In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send...

7.6CVSS5.4AI score0.00255EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.6 views

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0602)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0602 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3,...

7.6CVSS5.6AI score0.00255EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 1:16 p.m.14 views

CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:54 a.m.24 views

CVE-2026-11764

CVE-2026-11764 describes a data exposure where exporting all reusable media includes gift card secrets, even for users without permission to view gift cards. This indicates a permission boundary bypass, since the UI/API only reveal partial (first letters) of the secret, yet the export leaks full ...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:54 a.m.10 views

CVE-2026-11764 Data exposed without proper permission

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:54 a.m.30 views

CVE-2026-11764 Data exposed without proper permission

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS0.00229EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 11:4 p.m.6 views

GHSA-3H6H-67X3-CV5X Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Description: Summary Poweradmin v4.4.0 is vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/08 11:4 p.m.12 views

Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Description: Summary Poweradmin v4.4.0 is vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47544

Description: Summary Poweradmin v4.4.0 is vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...

6.9CVSS5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47615

Name of the Vulnerable Software and Affected Versions Poweradmin versions prior to 4.2.4 Poweradmin versions prior to 4.3.3 Poweradmin version 4.4.0 Description The log export functionality is susceptible to CSV Injection Formula Injection, which occurs when user-controlled data is written to...

6.9CVSS5.9AI score0.00229EPSS
Exploits0References12
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Important: libpq

Issue Overview: Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores...

8.8CVSS5.8AI score0.00558EPSS
Exploits0
Rows per page
Query Builder