793 matches found
EUVD-2026-41458
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...
CVE-2026-57925
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
CVE-2026-57925
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
CVE-2026-57925
JetBrains YouTrack before 2026.2.16593 has an improper access control vulnerability (CVE-2026-57925) that enables reading saved queries and tags. The root cause is access control weakness; attacker with network access and low privileges (CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U) can access sensitive dat...
PT-2026-52705
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows unauthorized reading of saved queries and tags. Recommendations Update to version 2026.2.16593...
Astra Linux – Vulnerability in Zabbix
Stored or persistent cross-site scripting XSS is a type of XSS attack where the attacker first sends the malicious payload to the web application. The application then stores the payload e.g., in a database or server-side text files. Eventually, the application inadvertently executes the payload...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dm raid: fixed the KASAN warning in raid5adddisks. There is a KASAN warning in raid5adddisk when running the LVM testsuite. The warning occurs during the test lvconvert-raid-reshape-lineartoraid6-single-type.sh. We fixed this...
CVE-2026-20259
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...
CVE-2026-20259 Improper Access Control in Splunk Enterprise
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...
CVE-2026-20259
CVE-2026-20259 affects Splunk Enterprise (below 10.2.4 and below 10.0.7) and Splunk Cloud Platform (below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, 9.3.2411.131). A user with the high-privilege capability edit_saved_search_owner can reassign saved search ownership to us...
EUVD-2026-36084
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...
Splunk Enterprise 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0609)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0609 advisory. - In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12,...
PT-2026-48499
🚨 CVE-2026-20259 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owne...
Splunk Enterprise 权限许可和访问控制问题漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...
CVE-2026-9281
The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...
CVE-2026-40102
Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...
CVE-2026-44719
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a databaseid without verifying that the requesting user was a collaborator on that...
CVE-2026-42557
A flaw was found in jupyterlab. This vulnerability allows a remote attacker to achieve arbitrary code execution by presenting a user with a specially crafted notebook containing a deceptive button in its pre-saved HTML cell output. When the user clicks this button, the CommandLinker component...
CVE-2026-35716
A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...
PT-2026-46013
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description On MIPS architecture, the current thread info is defined as a global register variable located in $gp and is assigned a new address during kernel relocation. A bug in LLVM causes it to...