CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user can craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it. The issue arises from the lack of full validation of style attribute values in classic dashboard panels.
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user can cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user can craft a malicious classic dashboard that exfiltrates sensitive data to an external server.
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user can craft a malicious dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, exploiting a validation flaw in the Trusted Domains security check.
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.
Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some Surface Controllers in the CMS fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks.
Umbraco is an ASP.NET CMS. Authenticated users can inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding.
Silverpeas through 6.4.6 mishandles the 'Personal space' feature when no componentId is set.
A stored cross-site scripting (XSS) vulnerability exists in the tag rendering code of MISP BSimVis. Several client-side rendering paths interpolate tag names, collection names, entity identifiers, cluster names, and tag metadata without appropriate context, allowing attackers to inject malicious code.
A stack-based buffer overflow vulnerability in Erlang OTP (erl_interface) allows for stack buffer overflow. The issue occurs in the ei_s_print_term function, which uses an internal 2000-character stack buffer to format terms.
A vulnerability relying on IP Address for Authentication in the inet_tls_dist module of Erlang/OTP allows unauthenticated bypass of the LAN allowlist for TLS distribution. The inet_tls_dist:check_ip/1 function incorrectly uses inet:sockname/1, leading to always successful subnet mask comparisons.
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh allows unauthenticated remote username enumeration via timing side-channel in password authentication. The timing difference in responses for valid and invalid usernames enables an attacker to distinguish them in a single authentication attempt.
A Server-Side Request Forgery (SSRF) vulnerability in the Erlang/OTP ftp_internal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The PASV handler does not validate the IP address, allowing a malicious FTP server to redirect the client's data connection to an arbitrary internal host and port.
Sensitive Data Exposure vulnerability in the httpc_response module of Erlang OTP allows retrieving embedded sensitive data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary.
A vulnerability in the ssh_sftpd module of Erlang OTP allows the exposure of sensitive information through file discovery. An authenticated SFTP client can create a symlink that reveals the absolute path to the SFTP root directory.
OpenFGA, an authorization engine, prior to version 1.16.0, had an issue with iterator caching where two distinct check requests could produce the same cache key. This led to the reuse of an earlier cached result for a subsequent request.
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the login flow improperly handles URLs, allowing for an open redirect attack.
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the server_ip path parameter in GET /history/<service>/<server_ip> is reused as a user-id when service == 'user', with no authorization check.
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes the URL path component verbatim, which may lead to unauthorized access.

