Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
πŸ”₯ Daily Hot!
πŸ’ͺ🏽 CPE Enhanced Advisories
πŸ•Ά Shadow Exploits
πŸ•΅πŸΌ Vulners CPE
πŸ” Security news
πŸ’» Exploit updates
πŸ“‘ Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
πŸ€– AI High Score
πŸ“° CVE Feed
show all

524 matches found

NVD
NVDβ€’added 2026/05/20 6:16 p.m.β€’7 views

CVE-2026-20240

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the β€˜admin’ or β€˜power’ Splunk roles could cause a Denial ...

6.5CVSS0.00053EPSS
Exploits0References1
Vulnrichment
Vulnrichmentβ€’added 2026/05/20 4:32 p.m.β€’5 views

CVE-2026-20240 Denial of Service through coldToFrozen.sh Script in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the β€˜admin’ or β€˜power’ Splunk roles could cause a Denial ...

6.5CVSS5.9AI score0.00053EPSS
Exploits0References1
CVE
CVEβ€’added 2026/05/20 4:32 p.m.β€’11 views

CVE-2026-20240

CVE-2026-20240 affects Splunk Enterprise (versions below 10.2.2, 10.0.5, 9.4.11, 9.3.12) and Splunk Cloud Platform (below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, 9.3.2411.129). A low-privilege user (not admin/power) can trigger a Denial of Service by abusing the coldTo...

6.5CVSS5.9AI score0.00053EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBβ€’added 2026/05/20 4:32 p.m.β€’8 views

CVE-2026-20240

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the β€˜admin’ or β€˜power’ Splunk roles could cause a Denial ...

6.5CVSS5.9AI score0.00053EPSS
Exploits0References2Affected Software2
Cvelist
Cvelistβ€’added 2026/05/20 4:32 p.m.β€’35 views

CVE-2026-20240 Denial of Service through coldToFrozen.sh Script in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the β€˜admin’ or β€˜power’ Splunk roles could cause a Denial ...

6.5CVSS0.00053EPSS
Exploits0References1
EUVD
EUVDβ€’added 2026/05/20 4:32 p.m.β€’6 views

EUVD-2026-31138

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the β€˜admin’ or β€˜power’ Splunk roles could cause a Denial ...

6.5CVSS5.9AI score0.00053EPSS
Exploits0References1
Positive Technologies
Positive Technologiesβ€’added 2026/05/20 12:0 a.m.β€’5 views

PT-2026-42213

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.11 Splunk Enterprise versions prior to 9.3.12 Splunk Cloud Platform versions prior to 10.4.2603.1 Splunk Cloud Platfo...

6.5CVSS5.9AI score0.00053EPSS
Exploits0References5
RedhatCVE
RedhatCVEβ€’added 2026/04/30 2:47 p.m.β€’2 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

7.3CVSS6AI score0.00027EPSS
Exploits0References1
NVD
NVDβ€’added 2026/04/29 9:16 p.m.β€’2 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

7.3CVSS0.00027EPSS
Exploits0References2
Positive Technologies
Positive Technologiesβ€’added 2026/04/29 12:0 a.m.β€’4 views

PT-2026-36002

Name of the Vulnerable Software and Affected Versions B1 Free Archiver version 1.5.86 Description An issue exists where files extracted from downloaded archives bypass Windows Mark of the Web MotW protections. The software fails to propagate the Zone.Identifier alternate data streamβ€”a mechanism...

5.5AI score0.00027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBβ€’added 2026/04/29 12:0 a.m.β€’3 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

6AI score0.00027EPSS
Exploits0References3
CVE
CVEβ€’added 2026/04/29 12:0 a.m.β€’6 views

CVE-2025-50328

CVE-2025-50328 affects B1 Free Archiver v1.5.86. The vulnerability occurs when files extracted from downloaded archives do not propagate the Zone.Identifier (MotW) ADS to extracted files, allowing them to bypass Windows Defender SmartScreen and security prompts. This can enable untrusted code exe...

7.3CVSS6.1AI score0.00027EPSS
Exploits0References2
Cvelist
Cvelistβ€’added 2026/04/29 12:0 a.m.β€’27 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

0.00027EPSS
Exploits0References2
EUVD
EUVDβ€’added 2026/04/29 12:0 a.m.β€’1 views

EUVD-2025-209592

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

6AI score0.00027EPSS
Exploits0References2
Vulnrichment
Vulnrichmentβ€’added 2026/04/29 12:0 a.m.β€’1 views

CVE-2025-50328

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web MotW protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate dat...

6AI score0.00027EPSS
Exploits0References2
Packet Storm
Packet Stormβ€’added 2026/03/09 12:0 a.m.β€’124 views

πŸ“„ Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

This PHP script is a proof of concept exploit for CVE-2024-36985, an authenticated Remote Code Execution vulnerability affecting Splunk instances where the splunkarchiver app is installed and enabled. It is a conversion of a Metasploit module into PHP...

8.8CVSS5.9AI score0.46868EPSS
Exploits6
CNNVD
CNNVDβ€’added 2026/03/07 12:0 a.m.β€’2 views

WordPress plugin MailArchiver θ·¨η«™θ„šζœ¬ζΌζ΄ž

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.8CVSS5.8AI score0.00033EPSS
Exploits0References9
NVD
NVDβ€’added 2026/03/06 5:16 p.m.β€’2 views

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS0.00029EPSS
Exploits1References2
Packet Storm
Packet Stormβ€’added 2026/03/06 12:0 a.m.β€’123 views

πŸ“„ Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

Proof of concept exploit for a critical authenticated remote code execution vulnerability that affects multiple versions of Splunk Enterprise when the splunkarchiver application is enabled...

8.8CVSS6.3AI score0.46868EPSS
Exploits6
vulnersOsv
vulnersOsvβ€’added 2026/03/05 12:52 a.m.β€’1 views

org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-29786 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)

org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-29786 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15416076...

8.2CVSS6.7AI score0.00009EPSS
Exploits2
Rows per page
Query Builder