16 matches found
CVE-2026-20139 Client-Side Denial of Service (DoS) through '/splunkd/__raw/services/authentication/users/username' REST API endpoint in Splunk Enterprise
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...
CVE-2026-20139
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...
SUSE CVE-2014-1572
The confirmcreateaccount function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attacke...
Synology DiskStation Manager OS Command Injection Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A security vulnerability exists in Synology DiskStation Manager, which allows...
CVE-2021-29083
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter...
CVE-2021-29083
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter...
Synology DiskStation Manager OS Command Injection Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A security vulnerability exists in Synology DiskStation Manager, which allows...
PT-2021-18072 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-3. Description: The issue is related to the improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE, allowing remote authenticated users to...
CVE-2021-27275
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
NETGEAR ProSAFE Network Management System MibController realName Directory Traversal Denial-of-Service Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...
CVE-2018-19469
ArticleCMS through 2017-02-19 has XSS via the /updatepersonalinfomation realname or email parameter...
CVE-2018-19469
ArticleCMS through 2017-02-19 has XSS via the /updatepersonalinfomation realname or email parameter...
SQL Injection Vulnerability in the realName Parameter of the /www/index.php Page of Pleasant Reading Media's Digital Newspaper System
Joy Reading Kiosk Digital Newspaper System is a digital newspaper web management system. There is a SQL injection vulnerability in this product; the vulnerability URL is: /www/index.php?mod=admin&con=user&realName=, the vulnerability parameter is: realName, the attacker can use the vulnerability t...
CVE-2016-1525
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter...
Netgear Management System NMS300 Directory Traversal Vulnerability
The Netgear Management System NMS300 is a network management system for diagnosing, controlling and optimizing network devices. A directory traversal vulnerability in the Netgear Management System NMS300's handling of the 'realName' parameter allows remote attackers to obtain arbitrary system fil...
CVE-2012-2156
Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the uemail parameter (aka Authors Email field) to manager/users.php, (2) the urealname parameter (aka Authors Name field) to manager/users.php, or (3) the...