Skip to main content

Cloud

27 CVEs product

Monthly

CVE-2025-11919 CRITICAL Act Now

Code execution against the shared multi-tenant Java runtime in Wolfram Cloud 14.2 is possible because the default JVM resolves classpath artifacts from a world-accessible `/tmp/` location shared across tenants on the same cloud instance. A co-tenant attacker who can write to `/tmp/UserTemporaryFiles/` can plant a malicious `.jar` or directory referenced by the JVM's `-init` startup file so the victim JVM loads attacker-controlled classes ahead of the legitimate library, executing code in the victim's session. No public exploit identified at time of analysis, though CVSS rates the issue 9.6 with a scope change reflecting cross-user/cross-tenant impact.

Information Disclosure Cloud
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.4%
CVE-2026-20975 MEDIUM This Month

Cloud versions up to 5.6.11 contains a vulnerability that allows attackers to access specific files in arbitrary path (CVSS 5.5).

Samsung Cloud
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-36989 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-36987 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk File Upload Cloud
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-36986 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-36982 HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Splunk Cloud
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20851 MEDIUM This Month

Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Cloud
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-23677 MEDIUM This Month

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-23676 LOW Monitor

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-23675 MEDIUM This Month

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42578 HIGH This Week

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Cloud
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46214 HIGH POC THREAT Act Now

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Splunk RCE Cloud
NVD GitHub
CVSS 3.1
8.8
EPSS
89.1%
CVE-2023-46213 MEDIUM This Month

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk XSS Cloud
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-32764 HIGH This Week

Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cloud Cloud Enterprise Client Folio Egov Suite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22949 MEDIUM POC This Month

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Tigergraph Enterprise
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-22951 HIGH POC This Week

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cloud Tigergraph Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-21448 LOW Monitor

Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Cloud
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-21447 LOW Monitor

Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Cloud
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33713 HIGH This Week

Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Cloud
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-24932 MEDIUM This Month

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Cloud
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2021-25368 HIGH This Week

Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Cloud
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-15507 HIGH This Week

An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Core Enterprise Connector Reporting Database +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-15506 CRITICAL Act Now

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Core Enterprise Connector Reporting Database +1
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-9945 CRITICAL Act Now

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Information Disclosure Cloud
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2018-14417 CRITICAL POC THREAT Act Now

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cloud
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
89.6%
CVE-2014-3476 PyPI MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Keystone Cloud
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2013-4365 HIGH PATCH This Week

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption Mod Fcgid Debian Linux +3
NVD
CVSS 2.0
7.5
EPSS
6.7%
EPSS 0% CVSS 9.6
CRITICAL Act Now

Code execution against the shared multi-tenant Java runtime in Wolfram Cloud 14.2 is possible because the default JVM resolves classpath artifacts from a world-accessible `/tmp/` location shared across tenants on the same cloud instance. A co-tenant attacker who can write to `/tmp/UserTemporaryFiles/` can plant a malicious `.jar` or directory referenced by the JVM's `-init` startup file so the victim JVM loads attacker-controlled classes ahead of the legitimate library, executing code in the victim's session. No public exploit identified at time of analysis, though CVSS rates the issue 9.6 with a scope change reflecting cross-user/cross-tenant impact.

Information Disclosure Cloud
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Cloud versions up to 5.6.11 contains a vulnerability that allows attackers to access specific files in arbitrary path (CVSS 5.5).

Samsung Cloud
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk File Upload Cloud
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Splunk +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Cloud
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
EPSS 0% CVSS 3.5
LOW Monitor

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Cloud
NVD
EPSS 89% CVSS 8.8
HIGH POC THREAT Act Now

In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Splunk RCE Cloud
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM This Month

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk XSS Cloud
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cloud Cloud Enterprise Client +1
NVD
EPSS 0% CVSS 4.9
MEDIUM POC This Month

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Tigergraph Enterprise
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cloud Tigergraph Enterprise
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Cloud
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Cloud
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Cloud
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Cloud
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Cloud
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Core +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloud Core +3
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Information Disclosure Cloud
NVD
EPSS 90% CVSS 9.8
CRITICAL POC THREAT Act Now

A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cloud
NVD Exploit-DB
EPSS 1% CVSS 6.0
MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Keystone Cloud
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy