Lucene search
+L

812 matches found

Cvelist
Cvelist
added 2026/06/10 5:16 p.m.35 views

CVE-2026-20259 Improper Access Control in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...

5.5CVSS0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.26 views

Splunk Enterprise 权限许可和访问控制问题漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an access control...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.22 views

PT-2026-48499

🚨 CVE-2026-20259 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owne...

5.5CVSS5.2AI score0.00189EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.12 views

Splunk Enterprise 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0609)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0609 advisory. - In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12,...

5.5CVSS5.4AI score0.00189EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/06 1:26 a.m.9 views

CVE-2026-9281

The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...

6.4CVSS5.7AI score0.00214EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.13 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS5.4AI score0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44719

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a databaseid without verifying that the requesting user was a collaborator on that...

5.3CVSS5.5AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42557

A flaw was found in jupyterlab. This vulnerability allows a remote attacker to achieve arbitrary code execution by presenting a user with a specially crafted notebook containing a deceptive button in its pre-saved HTML cell output. When the user clicks this button, the CommandLinker component...

9.6CVSS6.1AI score0.00386EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.11 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.3CVSS6.5AI score0.00322EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46013

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description On MIPS architecture, the current thread info is defined as a global register variable located in $gp and is assigned a new address during kernel relocation. A bug in LLVM causes it to...

7.3CVSS5.1AI score0.00128EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.13 views

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/25 11:19 p.m.12 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVEDREQUESTKEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrust...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References3
NVD
NVD
added 2026/05/25 9:16 p.m.23 views

CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS0.00383EPSS
Exploits0References2
OSV
OSV
added 2026/05/25 9:16 p.m.8 views

UBUNTU-CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.17 views

PT-2026-43120

Name of the Vulnerable Software and Affected Versions Apache Shiro versions 2.0-alpha through 2.1.0 Apache Shiro version 3.0.0-alpha-1 Description An issue exists in the shiro-jakarta-ee integration module where the shiroSavedRequest cookie is not validated after a successful login. This allows a...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References4
NVD
NVD
added 2026/05/22 8:16 p.m.10 views

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS0.00419EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/22 7:39 p.m.10 views

CVE-2026-40607 MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS0.00419EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/22 7:39 p.m.10 views

CVE-2026-40607 MantisBT is Vulnerable to Stored XSS Through its Saved-Filter Owner Column

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 7:39 p.m.12 views

EUVD-2026-31495

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:39 p.m.6 views

CVE-2026-40607

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Note that By default, only...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder