98 matches found
CVE-2026-20259
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...
CVE-2026-20259 Improper Access Control in Splunk Enterprise
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...
EUVD-2026-36084
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...
Splunk Enterprise 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0609)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0609 advisory. - In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12,...
PT-2026-48499
šØ CVE-2026-20259 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owne...
CVE-2026-29109
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
CVE-2026-29109
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
EUVD-2026-13374
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
CVE-2026-29109
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
CVE-2026-29109 SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
PT-2026-26447
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
Malicious code in notification-saved-search-settings-podlet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2059b78866965dce7f68bf358485c0f98eeb6c9befcf4455115c5d8623013e7f The package notification-saved-search-settings-podlet was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-837 Malicious code in notification-saved-search-settings-podlet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2059b78866965dce7f68bf358485c0f98eeb6c9befcf4455115c5d8623013e7f The package notification-saved-search-settings-podlet was found to contain malicious code. Source: ossf-package-analysis...
CVE-2023-43813
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue...
CVE-2025-13109
The HUSKY ā Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woofaddquery" and "woofremovequery" functions due to missing validation on a user controlled key. This makes it...
CVE-2025-9191
The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No...
WordPress Houzez plugin <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search vulnerability
Authenticated Subscriber+ PHP Object Injection via Saved Search vulnerability discovered by Alex Thomas - Wordfence in WordPress Theme Houzez versions = 4.1.6...
EUVD-2025-199719
The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No...
CVE-2025-9191
The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No...