Splunk Universal Forwarder 9.4.0 < 9.4.11 (SVD-2026-0506)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0506 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

[SECURITY] Fedora 44 Update: dnsmasq-2.92rel2-9.fc44

Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with...

MAL-2026-3287 Malicious code in ams-ssk (npm)

Malicious npm package published by user shetty123 as part of a Telegram account hijacking framework targeting Indian Telegram users. All 31 published versions 1.0.0 through 1.0.33 are malicious. Pairs with common-tg-service, which performs the client-side Telegram account takeover. ams-ssk is the...

Splunk Universal Forwarder 9.3.0 < 9.3.11, 9.4.0 < 9.4.10, 10.0.0 < 10.0.4, 10.2.0 < 10.2.1 (SVD-2026-0404)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0404 advisory. - Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE uni...

CVE-2026-31421

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsfw: fix NULL pointer dereference on shared blocks The old-method path in fwclassify calls tcfblockq and dereferences q-handle. Shared blocks leave block-q NULL, causing a NULL deref when an empty clsfw filter is...

Splunk Universal Forwarder 10.0.0 < 10.0.4, 10.2 < 10.2.1 (SVD-2026-0314)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0314 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the PFCP Session Modification Request process. An attacker can cause the service to crash and disrupt connectivity for all connected users by sending a specially crafted request with an invalid SDF Filter...

Splunk Universal Forwarder 9.2.0 < 9.2.12, 9.3.0 < 9.3.9, 9.4.0 < 9.4.7, 10.0.0 < 10.0.3 (SVD-2026-0210)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0210 advisory. - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an...

CVE-2026-24902

TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In tcpforwarder.rs, SSRF protection for allowprivatenetworkconnections = false was only applied in the TcpDestination::HostNamepeer path. The...

CVE-2026-24902 TrustTunnel has SSRF and private network restriction bypass via numeric address destinations

TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In tcpforwarder.rs, SSRF protection for allowprivatenetworkconnections = false was only applied in the TcpDestination::HostNamepeer path. The...

CVE-2026-24902

TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In tcpforwarder.rs, SSRF protection for allowprivatenetworkconnections = false was only applied in the TcpDestination::HostNamepeer path. The...

CVE-2013-6773

Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges...

SUSE CVE-2022-50817

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skbclone syzbot got a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When/if createstrippedskbhsr returns NULL, we must not attempt to call skbclone. While we are at it, replac...

CVE-2025-66508

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration which trusts all IP addresses as proxies TrustedProxies = 0.0.0.0/0, allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

CVE-2025-20387

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...

CVE-2025-20387

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...

CVE-2025-20387

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...

CVE-2025-20387 Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...

CVE-2025-20387

CVE-2025-20387 affects Splunk Universal Forwarder for Windows. The issue, observed in versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, arises when installing or upgrading to an affected build, causing incorrect permissions in the Forwarder installation directory. This misconfiguration allows non-...

CVE-2025-20387 Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...