14 matches found

SUSE CVE
added 2026/05/23 1:39 a.m. · 8 views

SUSE CVE-2022-39307

Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...

CVSS 5.3 · AI score 6.7 · EPSS 0.00696
Exploits 0 · References 9
CNNVD
added 2026/02/17 12:0 a.m. · 7 views

Dell Unisphere for PowerMax vApp Cross-Site Scripting Vulnerability

Dell Unisphere for PowerMax vApp is a virtualization management solution provided by the American company Dell. Version 9.2.4.x of Dell Unisphere for PowerMax vApp contains a cross-site scripting vulnerability. This vulnerability arises from improper input handling and may lead to cross-site...

CVSS 5.4 · AI score 5.6 · EPSS 0.00159
Exploits 0 · References 1
Vulnrichment
added 2026/01/06 4:20 p.m. · 3 views

CVE-2025-36589

Dell Unisphere for PowerMax, versions 9.2.4.x, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended...

CVSS 7.6 · AI score 6.4 · EPSS 0.00241
Exploits 0 · References 1
OSV
added 2025/09/29 3:16 p.m. · 4 views

CVE-2025-36351

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions...

CVSS 4.3 · AI score 5.8 · EPSS 0.00222
Exploits 0 · References 1
Patchstack
added 2025/08/07 7:42 a.m. · 4 views

WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Global Gallery versions <= 9.2.3...

CVSS 6.5 · AI score 4.6 · EPSS 0.00243
Exploits 0 · Affected Software 1
OSV
added 2025/06/27 2:15 p.m. · 4 views

CVE-2025-36595

Dell Unisphere for PowerMax vApp, versions 9.2.4.x, contains an Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution...

CVSS 7.2 · AI score 5.9 · EPSS 0.00547
Exploits 0 · References 1
Positive Technologies
added 2024/12/10 12:0 a.m. · 4 views

PT-2024-35690 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.0; Splunk Enterprise versions prior to 9.2.4; Splunk Enterprise versions prior to 9.1.7; Splunk Cloud Platform versions prior to 9.1.2312.206. Description: A low-privileged user without the "admin" or "powe...

CVSS 4.3 · AI score 7 · EPSS 0.00349
Exploits 0 · References 6
OSV
added 2024/03/28 7:15 p.m. · 3 views

CVE-2024-25946

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity...

CVSS 8.8 · AI score 5.9
Exploits 0 · References 1
OSV
added 2023/12/14 5:15 p.m. · 2 views

CVE-2023-48671

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks...

CVSS 7.5 · AI score 5.8 · EPSS 0.00762
Exploits 0 · References 1
OSV
added 2023/12/14 4:15 p.m. · 2 views

CVE-2023-48665

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system...

CVSS 7.2 · AI score 7.3 · EPSS 0.01732
Exploits 0 · References 1
SUSE CVE
added 2023/02/15 4:24 a.m. · 2 views

SUSE CVE-2018-16510

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact...

CVSS 7.3 · AI score 7.6 · EPSS 0.01745
Exploits 1 · References 9
SUSE CVE
added 2023/02/15 3:23 a.m. · 2 views

SUSE CVE-2022-39328

Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patche...

CVSS 9.8 · AI score 8.6 · EPSS 0.00922
Exploits 0 · References 3
OSV
added 2022/11/09 11:15 p.m. · 2 views

UBUNTU-CVE-2022-39307

Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...

CVSS 6.7 · AI score 7.2 · EPSS 0.00696
Exploits 0 · References 3
Grafana
added 2022/11/08 12:0 a.m. · 9 views

Race condition allowing privilege escalation

Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less than 9.2.4 contain a race condition in the authentication middlewares logic which may allow an unauthenticated user to query an administration endpoint under heavy load. This issue is patche...

CVSS 9.8 · AI score 7.2 · EPSS 0.00922
Exploits 0