Lucene search
K

123 matches found

NCSC
NCSC
added 2026/06/19 12:42 p.m.36 views

Vulnerabilities in Splunk Enterprise and Splunk Cloud Platform

Splunk has identified several vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These vulnerabilities concern various components of Splunk Enterprise and Splunk Cloud Platform. Splunk has classified the vulnerability with the identifier CVE-2026-20253 as a critical vulnerability in...

9.8CVSS6.9AI score0.88171EPSS
Exploits6References9
Nuclei
Nuclei
added 2026/06/19 11:10 a.m.9 views

Splunk Enterprise & Cloud Platform - Unrestricted File Upload

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.The vulnerability exists because the PostgreSQL sidecar...

9.8CVSS6.2AI score0.88171EPSS
Exploits5References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/18 12:0 a.m.9 views

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint...

9.8CVSS5.9AI score0.88171EPSS
In wildExploits5
VulnCheck KEV
VulnCheck KEV
added 2026/06/15 12:0 a.m.11 views

VulnCheck KEV: CVE-2026-20253

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS5.9AI score0.88171EPSS
In wildExploits5References5
The Hacker News
The Hacker News
added 2026/06/13 1:23 p.m.26 views

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

9.8CVSS6.6AI score0.88171EPSS
Exploits5
NVD
NVD
added 2026/06/10 6:16 p.m.244 views

CVE-2026-20253

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS0.88171EPSS
Exploits5References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:16 p.m.13 views

CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS5.9AI score0.88171EPSS
Exploits5References1
Cvelist
Cvelist
added 2026/06/10 5:16 p.m.47 views

CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS0.88171EPSS
Exploits5References1
EUVD
EUVD
added 2026/06/10 5:16 p.m.10 views

EUVD-2026-36088

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.The vulnerability exists because the PostgreSQL sidecar...

9.8CVSS5.6AI score0.88171EPSS
Exploits5References1
CVE
CVE
added 2026/06/10 5:16 p.m.295 views

CVE-2026-20253

Summary: CVE-2026-20253 affects Splunk Enterprise and Splunk Cloud Platform due to an unauthenticated PostgreSQL sidecar service endpoint that can create or truncate arbitrary files when exposed on the network. Affected software/versions (per sources): Splunk Enterprise < 10.2.4 and < 10.0....

9.8CVSS5.8AI score0.88171EPSS
In wildExploits5References3Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Splunk Cloud Platform和Splunk Enterprise 访问控制错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Vulnerabilities in access control...

9.8CVSS5.8AI score0.88171EPSS
Exploits5References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48512

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

7.7CVSS5.4AI score0.00301EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.10 views

Splunk Enterprise 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0603)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0603 advisory. - In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14,...

9.8CVSS6.3AI score0.88171EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48493

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions 10.2 through 10.2.3 Splunk Enterprise versions 10.0 through 10.0.6 Description An unauthenticated user can create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. This issue occurs because t...

9.8CVSS6.8AI score0.88171EPSS
Exploits5References169
OSV
OSV
added 2026/06/08 2:58 p.m.8 views

CLEANSTART-2026-NN42198 Security fixes for CVE-2024-35195, CVE-2024-47081, CVE-2025-8869, CVE-2026-1703, CVE-2026-25645, CVE-2026-3219, CVE-2026-44431, CVE-2026-44432, CVE-2026-45409, CVE-2026-48710, CVE-2026-6357, ghsa-58qw-9mgm-455v, ghsa-65pc-fj4g-8rjx, ghsa-jp4c-xjxw-mgf9, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 1.25.2-r0, 2.2.3-r0, 2.2.3-r1

Multiple security vulnerabilities affect the k8s-sidecar package. These issues are resolved in later releases. See references for individual vulnerability details...

8.9CVSS6.5AI score0.01438EPSS
Exploits4References28
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46857

Impact Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g., following the production Docker example in the README, this is exploitable from the local network without...

6.5CVSS5.9AI score0.00162EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/06/02 7:3 a.m.76 views

hermes-sidecar-poc

Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/04/23 3:7 p.m.6 views

Directory Traversal

Overview psitransfer is a Simple open source self-hosted file sharing solution Affected versions of this package are vulnerable to Directory Traversal through the Store.getFilename path resolution in the upload storage component. An attacker can escape the upload jail and read or overwrite files...

7.7CVSS6.3AI score0.00307EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 5:56 p.m.7 views

EUVD-2026-24217

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

6.2CVSS5.8AI score0.00146EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/03/30 12:0 a.m.2 views

Empowering Mobile Networks Security Resilience by Using Post-Quantum Cryptography

The transition to a cloud-native 5G Service-Based Architecture SBA improves scalability but exposes control-plane signaling to emerging quantum threats, including Harvest-Now, Decrypt-Later HNDL attacks. While NIST has standardized post-quantum cryptography PQC, practical, deployable integration ...

5.9AI score
Exploits0
Rows per page
Query Builder