5.4
CVE-2025-20356 - Cisco CyberVision Center Sensor Explorer Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-b…
4.8
CVE-2025-20361 - Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user…
5.7
CVE-2025-20368 - Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job In…
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection d…
7.5
CVE-2025-20371 - Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on be…
5.7
CVE-2025-20367 - Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' …
In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the `dataset.command` parameter of t…
4.9
CVE-2025-20370 - Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specifi…
6.5
CVE-2025-20366 - Improper Access Control in Background Job Submission in Splunk Enterprise
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrat…
4.6
CVE-2025-20369 - Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on S…
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) inje…
1.9
CVE-2023-50301 - IBM Transformation Extender Advanced information disclosure
IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.
4.7
CVE-2025-41421 - Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client
Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows – in versions prior to 15.70 of TeamViewer Remote and Tensor – allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file…