In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterp...

AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of "logs_path", allowing Administrat...

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker...

An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed ...

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization ...

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not ...