
116 matches found

NVD
added 2 days ago | 9 views

CVE-2026-20253

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar...

9.8 CVSS | 0.00067 EPSS
Exploits: 0 | References: 1
CVE
added 2 days ago | 21 views

CVE-2026-20253

CVE-2026-20253 affects Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14. The PostgreSQL sidecar service endpoint lacks authentication, allowing any network-reachable user to create or truncate arbitrary files. Remediation: u...

9.8 CVSS | 5.6 AI score | 0.00067 EPSS
Exploits: 0 | References: 1
Cvelist
added 2 days ago | 23 views

CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar...

9.8 CVSS | 0.00067 EPSS
Exploits: 0 | References: 1
EUVD
added 2 days ago | 6 views

EUVD-2026-36088

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar...

9.8 CVSS | 5.6 AI score | 0.00067 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2 days ago | 5 views

CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar...

9.8 CVSS | 5.6 AI score | 0.00067 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2 days ago | 7 views

PT-2026-48493

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.2.4; Splunk Enterprise versions prior to 10.0.7; Splunk Cloud Platform versions prior to 10.4.2604.3; Splunk Cloud Platform versions prior to 10.2.2510.14. Description: An unauthenticated user can create or...

9.8 CVSS | 5.6 AI score | 0.00067 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2 days ago | 6 views

PT-2026-48512

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

7.7 CVSS | 5.4 AI score | 0.00035 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2 days ago | 2 views

Splunk Enterprise 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0603)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0603 advisory. - In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14,...

9.8 CVSS | 5.7 AI score | 0.00067 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/04 12:0 a.m. | 8 views

PT-2026-46857

Impact: Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment (e.g., following the production Docker example in the README), this is exploitable from the local network without...

6.5 CVSS | 5.9 AI score | 0.00021 EPSS
Exploits: 0 | References: 5
GithubExploit
added 2026/06/02 7:3 a.m. | 51 views

hermes-sidecar-poc

Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...

5.8 AI score
Exploits: 0
Snyk
added 2026/04/23 3:7 p.m. | 3 views

Directory Traversal

Overview: psitransfer is a simple open source self-hosted file sharing solution. Affected versions of this package are vulnerable to Directory Traversal through the Store.getFilename path resolution in the upload storage component. An attacker can escape the upload jail and read or overwrite files...

7.7 CVSS | 6.3 AI score | 0.00055 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/04/21 5:56 p.m. | 5 views

EUVD-2026-24217

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, and /api/history-svg) that process incoming requests by accumulating the entire request body into a...

6.2 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 1 | References: 2
Packet Storm News
added 2026/03/30 12:0 a.m. | 1 views

Empowering Mobile Networks Security Resilience by Using Post-Quantum Cryptography

The transition to a cloud-native 5G Service-Based Architecture (SBA) improves scalability but exposes control-plane signaling to emerging quantum threats, including Harvest-Now, Decrypt-Later (HNDL) attacks. While NIST has standardized post-quantum cryptography (PQC), practical, deployable integration ...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/03/12 12:0 a.m. | 12 views

OpenClaw PRISM: A Zero-Fork, Defense-In-Depth Runtime Security Layer for Tool-Augmented LLM Agents

Tool-augmented LLM agents introduce security risks that extend beyond user-input filtering, including indirect prompt injection through fetched content, unsafe tool execution, credential leakage, and tampering with local control files. We present OpenClaw PRISM, a zero-fork runtime security layer...

5.8 AI score
Exploits: 0
OSV
added 2026/02/04 7:42 p.m. | 3 views

GHSA-8398-GMMX-564H n8n has a Python sandbox escape

Impact: A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...

9.9 CVSS | 6.4 AI score | 0.00075 EPSS
Exploits: 0 | References: 4
Github Security Blog
added 2026/02/04 7:42 p.m. | 5 views

n8n has a Python sandbox escape

Impact: A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...

9.9 CVSS | 6.4 AI score | 0.00075 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Wolfi
added 2026/01/19 7:48 p.m. | 3 views

CVE-2026-23490 vulnerabilities

Vulnerabilities for packages: k8s-sidecar, kubeflow-pipelines-visualization-server, open-webui, airflow, kubeflow-katib, py3-cassandra-medusa, kubeflow-volumes-web-app, kubeflow-pipelines, superset, kserve, dask-kubernetes, kubeflow-jupyter-web-app, mlflow...

7.5 CVSS | 6.5 AI score | 0.00032 EPSS
Exploits: 0
Wolfi
added 2026/01/19 7:48 p.m. | 3 views

GHSA-63VM-454H-VHHQ vulnerabilities

Vulnerabilities for packages: k8s-sidecar, kubeflow-pipelines-visualization-server, open-webui, airflow, kubeflow-katib, py3-cassandra-medusa, kubeflow-volumes-web-app, kubeflow-pipelines, superset, kserve, dask-kubernetes, kubeflow-jupyter-web-app, mlflow...

5.4 AI score
Exploits: 0
Chainguard
added 2026/01/19 7:17 p.m. | 4 views

GHSA-63VM-454H-VHHQ vulnerabilities

Vulnerabilities for packages: kserve, gitlab-cng, metaflow-service, mlflow, spamcheck, kubeflow-pipelines-visualization-server, authentik, label-studio, ansible-operator, gitlab-cng-fips, kubeflow-volumes-web-app, dbt-bigquery, kubeflow-jupyter-web-app, airflow, localstack, barman,...

5.4 AI score
Exploits: 0
Chainguard
added 2026/01/19 7:17 p.m. | 3 views

CVE-2026-23490 vulnerabilities

Vulnerabilities for packages: kserve, gitlab-cng, metaflow-service, mlflow, spamcheck, kubeflow-pipelines-visualization-server, authentik, label-studio, ansible-operator, gitlab-cng-fips, kubeflow-volumes-web-app, dbt-bigquery, kubeflow-jupyter-web-app, airflow, localstack, barman,...

7.5 CVSS | 6.5 AI score | 0.00032 EPSS
Exploits: 0