CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 3 days ago•4 views

MAL-2026-5342 Malicious code in kecak256 (npm)

5.5AI score

RedhatCVE•added last week•6 views

CVE-2026-20240

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial ...

6.5CVSS5.6AI score0.00053EPSS

Positive Technologies•added 2026/06/02 12:0 a.m.•3 views

PT-2026-48838

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

5.4AI score

Exploits0References6

NVD•added 2026/05/20 6:16 p.m.•9 views

CVE-2026-20240

6.5CVSS0.00053EPSS

Vulnrichment•added 2026/05/20 4:32 p.m.•6 views

CVE-2026-20240 Denial of Service through coldToFrozen.sh Script in Splunk Enterprise

CVE•added 2026/05/20 4:32 p.m.•13 views

CVE-2026-20240

CVE-2026-20240 affects Splunk Enterprise (versions below 10.2.2, 10.0.5, 9.4.11, 9.3.12) and Splunk Cloud Platform (below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, 9.3.2411.129). A low-privilege user (not admin/power) can trigger a Denial of Service by abusing the coldTo...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/20 4:32 p.m.•8 views

CVE-2026-20240

Exploits0References2Affected Software2

EUVD•added 2026/05/20 4:32 p.m.•10 views

EUVD-2026-31138

Cvelist•added 2026/05/20 4:32 p.m.•37 views

CVE-2026-20240 Denial of Service through coldToFrozen.sh Script in Splunk Enterprise

6.5CVSS0.00053EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•8 views

PT-2026-42213

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.11 Splunk Enterprise versions prior to 9.3.12 Splunk Cloud Platform versions prior to 10.4.2603.1 Splunk Cloud Platfo...

RedhatCVE•added 2026/04/30 2:47 p.m.•2 views

Exploits0References5

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

7.3CVSS6AI score0.00027EPSS

NVD•added 2026/04/29 9:16 p.m.•4 views

CVE-2025-50328

7.3CVSS0.00027EPSS

Positive Technologies•added 2026/04/29 12:0 a.m.•5 views

PT-2026-36002

Name of the Vulnerable Software and Affected Versions B1 Free Archiver version 1.5.86 Description An issue exists where files extracted from downloaded archives bypass Windows Mark of the Web MotW protections. The software fails to propagate the Zone.Identifier alternate data stream—a mechanism...

5.5AI score0.00027EPSS

Exploits0References4

ATTACKERKB•added 2026/04/29 12:0 a.m.•4 views

CVE-2025-50328

6AI score0.00027EPSS

Exploits0References3

CVE•added 2026/04/29 12:0 a.m.•11 views

CVE-2025-50328

CVE-2025-50328 affects B1 Free Archiver v1.5.86. The vulnerability occurs when files extracted from downloaded archives do not propagate the Zone.Identifier (MotW) ADS to extracted files, allowing them to bypass Windows Defender SmartScreen and security prompts. This can enable untrusted code exe...

7.3CVSS6.1AI score0.00027EPSS

Cvelist•added 2026/04/29 12:0 a.m.•30 views

CVE-2025-50328

0.00027EPSS

EUVD•added 2026/04/29 12:0 a.m.•3 views

EUVD-2025-209592

6AI score0.00027EPSS

Vulnrichment•added 2026/04/29 12:0 a.m.•1 views

CVE-2025-50328

6AI score0.00027EPSS