6.3
CVE-2023-49881 - IBM Transformation Extender Advanced session fixation
IBM Transformation Extender Advanced 10.0.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.
5.1
CVE-2025-34182 - Deciso OPNsense < 25.7.4 /interfaces_ppps_edit.php ptpid Stored XSS
In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly displayed when visiting the page /interfaces_assign.php, which can result in stored cross-site …
6.3
CVE-2025-11233 - Rust standard library didn't detect all path separators on Cygwin
Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target (`x86_64-pc-cygwin`) didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could mi…
5.4
CVE-2025-20357 - Cisco CyberVision Center Reports Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-b…
5.4
CVE-2025-20356 - Cisco CyberVision Center Sensor Explorer Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-b…
4.8
CVE-2025-20361 - Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user…
5.7
CVE-2025-20368 - Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job In…
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection d…
7.5
CVE-2025-20371 - Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on be…
5.7
CVE-2025-20367 - Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' …
In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the `dataset.command` parameter of t…
4.9
CVE-2025-20370 - Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specifi…