3.1
CVE-2025-20325 - Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunβ¦
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-aβ¦
6.8
CVE-2025-20319 - Remote Command Execution through Scripted Input Files in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><bβ¦
5.4
CVE-2025-20324 - Improper Access Control in System Source Types Configuration in Splunk Enterprise
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.β¦
6.3
CVE-2025-20320 - Denial of Service (DoS) through βUser Interface - Viewsβ configuration page in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Viewsβ¦
4.3
CVE-2025-20300 - Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that aβ¦
5.9
CVE-2024-43190 - IBM Engineering Requirements Management DOORS weak authentication
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.
5.3
CVE-2025-7138 - SourceCodester Best Salon Management System admin-profile.php sql injection
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be initiated remotely. The β¦
2.1
CVE-2025-53535 - Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes
Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This vulnerβ¦
5.3
CVE-2025-53532 - giscus allows unauthorized discussion creation
giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own selβ¦
8.7
CVE-2025-53531 - WeGIA allows Uncontrolled Resource Consumption via the fid parameter
WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142 chβ¦