Lucene search
K

793 matches found

EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-41458

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score
Exploits0References2
NVD
NVD
added last week8 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

5.3CVSS0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added last week36 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

4.3CVSS0.00167EPSS
Exploits0References1
CVE
CVE
added last week21 views

CVE-2026-57925

JetBrains YouTrack before 2026.2.16593 has an improper access control vulnerability (CVE-2026-57925) that enables reading saved queries and tags. The root cause is access control weakness; attacker with network access and low privileges (CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U) can access sensitive dat...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52705

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows unauthorized reading of saved queries and tags. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Zabbix

Stored or persistent cross-site scripting XSS is a type of XSS attack where the attacker first sends the malicious payload to the web application. The application then stores the payload e.g., in a database or server-side text files. Eventually, the application inadvertently executes the payload...

5.4CVSS5.2AI score0.00478EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dm raid: fixed the KASAN warning in raid5adddisks. There is a KASAN warning in raid5adddisk when running the LVM testsuite. The warning occurs during the test lvconvert-raid-reshape-lineartoraid6-single-type.sh. We fixed this...

5.5CVSS5.5AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 6:16 p.m.12 views

CVE-2026-20259

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...

5.5CVSS0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 5:16 p.m.27 views

CVE-2026-20259 Improper Access Control in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...

5.5CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 5:16 p.m.23 views

CVE-2026-20259

CVE-2026-20259 affects Splunk Enterprise (below 10.2.4 and below 10.0.7) and Splunk Cloud Platform (below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, 9.3.2411.131). A user with the high-privilege capability edit_saved_search_owner can reassign saved search ownership to us...

5.5CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/10 5:16 p.m.11 views

EUVD-2026-36084

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...

5.5CVSS5.5AI score0.00189EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

Splunk Enterprise 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0609)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0609 advisory. - In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12,...

5.5CVSS5.4AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48499

🚨 CVE-2026-20259 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owne...

5.5CVSS5.2AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Splunk Enterprise 权限许可和访问控制问题漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/06 1:26 a.m.5 views

CVE-2026-9281

The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...

6.4CVSS5.7AI score0.00214EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.8 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.4AI score0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.8 views

CVE-2026-44719

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a databaseid without verifying that the requesting user was a collaborator on that...

5.3CVSS5.5AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42557

A flaw was found in jupyterlab. This vulnerability allows a remote attacker to achieve arbitrary code execution by presenting a user with a specially crafted notebook containing a deceptive button in its pre-saved HTML cell output. When the user clicks this button, the CommandLinker component...

9.6CVSS6.1AI score0.00386EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.8 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.3CVSS6.5AI score0.00365EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.14 views

PT-2026-46013

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description On MIPS architecture, the current thread info is defined as a global register variable located in $gp and is assigned a new address during kernel relocation. A bug in LLVM causes it to...

7.3CVSS5.1AI score0.00128EPSS
Exploits0
Rows per page
Query Builder