This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can…

There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system…

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. Zafiyet…

In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn’t properly restrict access to an endpoint that is responsible for saving settings,…

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote…

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions…

Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role.…

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured…

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions…

A potential vulnerability in Splunk Enterprise’s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability…