CLEANSTART-2026-FO41609 Security fixes for CVE-2025-48924, ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 8.19.12-r0, 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
EUVD-2025-14333
Malicious code in bioql PyPI...
CVE-2025-32390 EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover
EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and...
Code injection
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...
Splunk Enterprise 9.0.0 < 9.0.8, 9.1.0 < 9.1.3 (SVD-2024-0108)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0108 advisory. - In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input dat...
PT-2024-1283 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3. Description: The issue is related to the incorrect sanitization of path input data, resulting in the unsafe deserialization of untrusted data from a separate disk partition on the...
PT-2024-1272 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.8; Splunk Enterprise versions prior to 9.1.3. Description: The issue is related to improper handling of permissions for users that use the REST application programming interface (API) in the Splunk app key...
CVE-2020-13671
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...