Lucene search
K

30 matches found

Vulnrichment
Vulnrichment
added 2026/05/13 3:17 p.m.9 views

CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.8 views

CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS6AI score0.00166EPSS
Exploits1References1
OSV
OSV
added 2026/02/18 6:24 p.m.6 views

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

5.7CVSS5.8AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/02/18 6:24 p.m.6 views

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

5.7CVSS0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 4:45 p.m.4 views

CVE-2026-20137 Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

3.5CVSS5.5AI score0.00222EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/18 4:45 p.m.6 views

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

3.5CVSS5.5AI score0.00222EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/02/18 4:45 p.m.15 views

CVE-2026-20137

CVE-2026-20137 affects Splunk Enterprise (multiple legacy branches) and Splunk Cloud Platform. A low-privilege user lacking admin/power roles can bypass SPL safeguards for risky commands when creating a Data Model containing an injected SPL query within an object, by exploiting a path traversal v...

5.7CVSS5.5AI score0.00222EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.7 views

Splunk Enterprise 9.2.0 < 9.2.9, 9.3.0 < 9.3.7, 9.4.0 < 9.4.5, 10.0.0 < 10.0.3 (SVD-2026-0202)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0202 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below...

5.7CVSS5.8AI score0.00222EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/16 11:34 a.m.6 views

Important: Red Hat Security Advisory: python-urllib3 security update

An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this upda...

8.9CVSS6.6AI score0.02667EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/02/04 7:16 p.m.8 views

Important: Red Hat Security Advisory: python3.12-urllib3 security update

An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.9CVSS6.6AI score0.02667EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/21 9:22 p.m.24 views

CVE-2026-22822 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Starting in version 0.20.2 and prior to version 1.2.0, the getSecretKey template function, while introduced for senhasegura Devops Secrets Management DSM provider, ha...

9.3CVSS0.00175EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/12 5:23 p.m.2 views

CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...

3.5CVSS6.5AI score0.00276EPSS
Exploits0References1
CVE
CVE
added 2025/11/12 5:23 p.m.18 views

CVE-2025-20379

CVE-2025-20379 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power) can run a saved search with a risky command by leveraging the permissions of a higher-privileged user to bypass SPL safeguards, specifically via the /services/streams/search endpoint and th...

3.5CVSS6.5AI score0.00276EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/11/12 5:23 p.m.11 views

CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...

3.5CVSS0.00276EPSS
Exploits0References1
OSV
OSV
added 2025/11/05 9:21 p.m.8 views

MAL-2025-191924 Malicious code in wayspiritmcp-enconly (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b075eb7116e55dd48db0e026ce51a42ec4e7e1e100b4b68c8a42d4b35411f749 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

6.7AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-51916

Malicious code in bioql PyPI...

5.7CVSS6.6AI score0.00464EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 10:2 p.m.31 views

CVE-2025-20226 Risky command safeguards bypass in “/services/streams/search“ endpoint through “q“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permission...

5.7CVSS0.00434EPSS
Exploits0References1
OSV
OSV
added 2024/07/01 5:15 p.m.4 views

CVE-2024-36986

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics...

5.7CVSS5.8AI score0.00393EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/14 5:24 p.m.23 views

CVE-2023-22939 SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language SPL command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with...

8.1CVSS7.2AI score0.00587EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/14 5:24 p.m.31 views

CVE-2023-22939 SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language SPL command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with...

8.1CVSS8.8AI score0.00587EPSS
Exploits0References2
Rows per page
Query Builder