24h | 7d | 30d

Overview

  • Splunk
  • Splunk Enterprise

15 Jul 2026
Published
16 Jul 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.38%

KEV

Description

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.<br><br>The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Fediverse

Profile picture fallback

Splunk patched three Splunk Enterprise vulnerabilities: CVE-2026-20296 CSRF, CVE-2026-20297 path traversal, and CVE-2026-20298 credential exposure.

securityonline.info/splunk-ent

  • 0
  • 1
  • 0
  • 14h ago

Overview

  • Splunk
  • Splunk Enterprise

15 Jul 2026
Published
16 Jul 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.22%

KEV

Description

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes when they access the `/servicesNS/-/-/storage/passwords` REST endpoint through the `|rest` Search Processing Language (SPL) command.<br><br>The exposure happens because the `|rest` SPL command returns the `encr_password` field in the results of the `/servicesNS/-/-/storage/passwords` REST endpoint.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 14 hours ago

Fediverse

Profile picture fallback

Splunk patched three Splunk Enterprise vulnerabilities: CVE-2026-20296 CSRF, CVE-2026-20297 path traversal, and CVE-2026-20298 credential exposure.

securityonline.info/splunk-ent

  • 0
  • 1
  • 0
  • 14h ago

Overview

  • Microsoft
  • .NET 10.0

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.54%

KEV

Description

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

Profile picture fallback

via @dotnet : .NET and .NET Framework July 2026 servicing releases updates

ift.tt/0YxwhW3
#dotnet #dotnetcore #dotnetframework #servicingupdates #July2026 #securityupdates #CVE2026 #CVE2026-47300 #CVE2026-47302 #CVE2026-47303 #CVE2026-47304 #CVE2026-5052…

  • 1
  • 0
  • 0
  • 18h ago

Overview

  • HashiCorp
  • Vault

17 Apr 2026
Published
17 Apr 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.33%

KEV

Description

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

Profile picture fallback

via @dotnet : .NET and .NET Framework July 2026 servicing releases updates

ift.tt/0YxwhW3
#dotnet #dotnetcore #dotnetframework #servicingupdates #July2026 #securityupdates #CVE2026 #CVE2026-47300 #CVE2026-47302 #CVE2026-47303 #CVE2026-47304 #CVE2026-5052…

  • 1
  • 0
  • 0
  • 18h ago

Overview

  • Microsoft
  • .NET 10.0

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.81%

KEV

Description

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

Profile picture fallback

via @dotnet : .NET and .NET Framework July 2026 servicing releases updates

ift.tt/0YxwhW3
#dotnet #dotnetcore #dotnetframework #servicingupdates #July2026 #securityupdates #CVE2026 #CVE2026-47300 #CVE2026-47302 #CVE2026-47303 #CVE2026-47304 #CVE2026-5052…

  • 1
  • 0
  • 0
  • 18h ago

Overview

  • Microsoft
  • Microsoft .NET Framework 3.5

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.20%

KEV

Description

Improper verification of cryptographic signature in .NET allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

Profile picture fallback

via @dotnet : .NET and .NET Framework July 2026 servicing releases updates

ift.tt/0YxwhW3
#dotnet #dotnetcore #dotnetframework #servicingupdates #July2026 #securityupdates #CVE2026 #CVE2026-47300 #CVE2026-47302 #CVE2026-47303 #CVE2026-47304 #CVE2026-5052…

  • 1
  • 0
  • 0
  • 18h ago

Overview

  • Microsoft
  • .NET 10.0

14 Jul 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.58%

KEV

Description

Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

Profile picture fallback

via @dotnet : .NET and .NET Framework July 2026 servicing releases updates

ift.tt/0YxwhW3
#dotnet #dotnetcore #dotnetframework #servicingupdates #July2026 #securityupdates #CVE2026 #CVE2026-47300 #CVE2026-47302 #CVE2026-47303 #CVE2026-47304 #CVE2026-5052…

  • 1
  • 0
  • 0
  • 18h ago
Showing 51 to 57 of 57 CVEs