Lucene search
K

6564 matches found

NVD
NVD
added 2026/06/17 6:17 p.m.20 views

CVE-2026-20266

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which construct...

9.1CVSS0.00469EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 5:7 p.m.11 views

EUVD-2026-37768

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which construct...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 5:7 p.m.17 views

CVE-2026-20266 OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit

In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which construct...

9.1CVSS0.00469EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 5:7 p.m.31 views

CVE-2026-20266

Summary: CVE-2026-20266 affects Splunk AI Toolkit

9.1CVSS5.9AI score0.00469EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/17 5:7 p.m.19 views

CVE-2026-20265

Splunk AI Toolkit has a vulnerability in versions below 5.7.4 where a low-privilege user (not admin/power) can cause the toolkit to issue outbound HTTP requests to an attacker-controlled server due to an insecure default domain allowlist. This could enable data exfiltration. Root cause: outbound ...

4.3CVSS5.3AI score0.00217EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/17 5:7 p.m.8 views

EUVD-2026-37767

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3CVSS5.3AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 5:7 p.m.15 views

CVE-2026-20265 Insecure Default Domain Allowlist in Splunk AI Toolkit

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

4.3CVSS0.00217EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 1:55 p.m.5 views

Security Bulletin: Multiple Vulnerabilities in NLTK bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the Natural Language Toolkit NLTK library, which is susceptible to several critical security vulnerabilities. These flaws could allow a remote attacker to execute arbitrary code, perform arbitrary file reads via path...

10CVSS6.8AI score0.00924EPSS
Exploits9Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50501

Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A low-privileged user without "admin" or "power" Splunk roles can force the application to make outbound HTTP requests to an attacker-controlled server, potentially leading to data...

4.3CVSS5.9AI score0.00217EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50502

Name of the Vulnerable Software and Affected Versions Splunk AI Toolkit versions prior to 5.7.4 Description A user with the "admin" Splunk role can execute arbitrary OS commands on the host running the Splunk Enterprise instance. This is caused by an unsafe shell execution pattern in the btool...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References8
OSV
OSV
added 2026/06/16 2:34 p.m.8 views

GHSA-P4GQ-832X-FM9V Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

Summary nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname decodes the %xx sequences a classic decode-after-check / TOCTOU-style flaw, allowing ...

7.5CVSS5.6AI score0.00378EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/16 2:34 p.m.13 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the nltk.data.load function. An attacker can access arbitrary files on the local filesystem by supplying specially...

8.7CVSS6.5AI score0.00378EPSS
Exploits1References2
OSV
OSV
added 2026/06/16 1:16 p.m.4 views

UBUNTU-CVE-2026-12322

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 11:52 a.m.11 views

EUVD-2026-37068

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS5.2AI score0.00165EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 11:52 a.m.20 views

CVE-2026-12322

CVE-2026-12322 is a clickjacking vulnerability in the Gtk Widget component affecting Mozilla Firefox and Thunderbird. The issue, described across multiple sources, is due to a UI framing/embedding flaw that could enable deceptive UI interaction. Affected products were updated to mitigate the vuln...

5.4CVSS5.2AI score0.00165EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2026/06/16 11:52 a.m.31 views

CVE-2026-12322 Clickjacking issue in the Widget: Gtk component

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

0.00165EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/16 7:39 a.m.75 views

Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin

CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...

8.5CVSS5.8AI score0.01261EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49691

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A clickjacking issue exists in the Widget: Gtk component. Clickjacking is a technique where an attacker tricks a user into clicking something different from what the...

9.6CVSS5.8AI score0.00476EPSS
Exploits0References49
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 9:52 p.m.12 views

Malicious code in twrap-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....

6.5AI score
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2025-210161

Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References2
Rows per page
Query Builder