
Overview

  • Splunk
  • Splunk Enterprise

Published: 10 Jun 2026
Updated: 11 Jun 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.07%

KEV

Description

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.

Statistics

  • 6 Posts

Last activity: 11 hours ago

Fediverse

Latest news (June 12-13, 2026): US-Iran interim deal talks advance, eyeing Strait of Hormuz reopening amid prior closure reports. SpaceX’s IPO soared past $2T on Nasdaq, marking a record. The US restricted Anthropic’s advanced AI models (Fable 5, Mythos 5) due to national security concerns. A critical Splunk Enterprise vulnerability (CVE-2026-20253) allowing remote code execution was patched.

#Geopolitics #Cybersecurity #TechNews

  • 18h ago

CRITICAL: Splunk Enterprise <10.0.7/10.2.4 hit by unauthenticated RCE (CVE-2026-20253) via exposed PostgreSQL sidecar endpoints. Patch ASAP! Splunk Cloud unaffected. Exploit details are public. radar.offseq.com/threat/splunk

  • 15h ago

CVE-2026-20253: How Splunk’s Unauthenticated PostgreSQL Sidecar Becomes a Pre-Auth RCE in Five HTTP Requests

CVE-2026-20253 is a CVSS 9.8 unauthenticated RCE in Splunk Enterprise. An exposed PostgreSQL sidecar endpoint lets attackers write arbitrary files and execute code

thecybersecguru.com/news/cve-2

  • 11h ago

Bluesky

“Security Tool is the Backdoor”: Inside Splunk’s CVSS 98 Nightmare (CVE-2026-20253) Unauthenticated Attackers Can Wreak Havoc via a PostgreSQL Sidecar—Update Now. Introduction: A chilling irony has emerged in the cybersecurity world: a security tool designed to be your organization’s eyes and ears…
  • 15h ago
Splunk Enterprise versions below 10.2.4 and 10.0.7 have a critical flaw (CVE-2026-20253) allowing unauthenticated attackers to execute code remotely. Update immediately to secure your systems. Splunk Cloud is not affected. #cybersecurity #News
  • 14h ago
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) #patchmanagement
  • 12h ago

Overview

  • checkpoint
  • Quantum Security Gateway

Published: 08 Jun 2026
Updated: 10 Jun 2026

CVSS: Pending
EPSS: 13.73%

Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Statistics

  • 4 Posts

Last activity: Last hour

Bluesky

📢 CVE-2026-50751: Critical authentication bypass actively exploited on Check Point IKEv1 VPNs 📝 ## 🔍 Context Published … https://cyberveille.ch/posts/2026-06-13-cve-2026-50751-bypass-d-authentification-critique-exploite-activement-sur-les-vpn-check-point-ikev1/ #CVE_2026_50751 #Cyberveille
  • 17h ago
📢 CVE-2026-50751: IKEv1 authentication bypass in Check Point VPNs (CVSS 9.3) 📝 ## 🔍 Context On 12 June 2026, watchTowr Labs publ… https://cyberveille.ch/posts/2026-06-13-cve-2026-50751-bypass-d-authentification-ikev1-dans-les-vpn-check-point-cvss-9-3/ #Authentication_Bypass #Cyberveille
  • 17h ago
CVE-2026-50751 Deep Dive: The IKEv1 Authentication Bypass Fueling Qilin Ransomware Attacks + Video The cybersecurity community is once again reminded that legacy protocols are a persistent Achilles' heel for enterprise security. A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS…
  • 16h ago
Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751) - Help Net Security www.helpnetsecurity.com/2026/06/12/c...
  • Last hour

Overview

  • Oracle Corporation
  • PeopleSoft Enterprise PeopleTools

Published: 11 Jun 2026
Updated: 13 Jun 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 19.82%

Description

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

2026-W24 — Weekly Threat Roundup

🎯 Chinese hackers ran decade-long espionage using backdoored Linux authentication
🏫 Oracle zero-day CVE-2026-35273 exploited by ShinyHunters to ransack universities worldwide
🐧 400+ Arch Linux packages hijacked to deliver rootkit and credential stealer via npm typosquat
🤖 US government forces A…

threatnoir.com/weekly/2026-w24

  • 11h ago

🛠️ TECHNICAL EXPLOIT PLAYBOOK: ORACLE PEOPLESOFT CVE-2026-35273 CONTAINMENT: For the engineering frontline, the CISA KEV listing above requires an immediate shift from standard patching intervals to active threat hunting. This critical missing authentication flaw within the UEM component provides unauthenticated adversaries with direct network access over HTTP to achieve full environment takeover. thecybermind.co/w81b

  • 23h ago

Overview

  • ivanti
  • Sentry

Published: 09 Jun 2026
Updated: 12 Jun 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 42.70%

Description

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Bluesky

📢 Ivanti Sentry: critical pre-authenticated OS command injection (CVE-2026-10520, CVSS 10) 📝 ## 🔍 Context Published on 10 June 2026 by … https://cyberveille.ch/posts/2026-06-13-ivanti-sentry-injection-de-commandes-os-pre-authentifiee-critique-cve-2026-10520-cvss-10/ #CVE_2026_10520 #Cyberveille
  • 21h ago
Critical Root RCE and Auth Bypass in Ivanti Sentry CVE-2026-10520 & CVE-2026-10523 #Ivanti #RCE #ZeroDay #CISA #VulnerabilityManagement https://flagthis.com/newsletter/2026/06/13#story-2662
  • 9h ago

Overview

  • D-Link
  • DCS-935L

Published: 13 Jun 2026
Updated: 13 Jun 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.07%

KEV

Description

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 14 hours ago

Fediverse

⚠️ CVE-2026-12174 (HIGH, CVSS 8.7): D-Link DCS-935L v1.10.01 has a format string vuln in /web/cgi-bin/greece/rhea. Remote attackers can exploit for code execution or DoS. No patch available — restrict device exposure. radar.offseq.com/threat/cve-20

  • 14h ago

Overview

  • Nefteprodukttekhnika LLC
  • BUK TS-G Gas Station Automation System

Published: 13 Jun 2026
Updated: 13 Jun 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.19%

KEV

Description

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Fediverse

🚨 CVE-2026-12183 (CRITICAL, CVSS 9.3): Improper authentication in Nefteprodukttekhnika BUK TS-G Gas Station Automation (2.9.1 – 2.10.2) allows remote admin takeover. Restrict access, monitor endpoints! radar.offseq.com/threat/cve-20

  • 17h ago

Overview

  • LiteSpeed Technologies
  • cPanel Plugin
  • WHM and cPanel PlugIn

Published: 14 Jun 2026
Updated: 14 Jun 2026

CVSS v3.1: HIGH (8.5)
EPSS: 0.06%

KEV

Description

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Fediverse

⚠️ CVE-2026-54420: HIGH-severity symlink vulnerability in LiteSpeed cPanel Plugin v2.3 on CloudLinux/CageFS shared hosting. Exploited in the wild — no patch yet. Restrict FTP/web shell access & monitor for suspicious activity. radar.offseq.com/threat/cve-20

  • 8h ago

Overview

  • ladela
  • Online Scheduling and Appointment Booking System – Bookly

Published: 13 Jun 2026
Updated: 13 Jun 2026

CVSS v3.1: HIGH (7.2)
EPSS: 0.03%

KEV

Description

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

CVE-2026-5513: HIGH severity XSS in Bookly (<=27.2) via 'bookly-customer-full-name' cookie. Exploitable if 'Remember personal info in cookies' is enabled (disabled by default). No patch yet — disable vulnerable setting! radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Bluesky

CVE-2026-47321 — IOC Radar socradar.io/free-tools/i...
  • 9h ago

Overview

  • joomlacontenteditor.net
  • Joomla Content Editor (JCE) extension for Joomla

Published: 05 Jun 2026
Updated: 05 Jun 2026

CVSS v4.0: CRITICAL (10.0)
EPSS: 3.18%

KEV

Description

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Bluesky

CVE-2026-48907: Critical Unauthenticated RCE Flaw in Joomla Content Editor – Patch Now! + Video Introduction: Joomla’s popular third‑party Content Editor extension (often referred to as JCE or similar) is vulnerable to an unauthenticated remote code execution (RCE) flaw tracked as CVE‑2026‑48907.…
  • 10h ago
Showing 1 to 10 of 38 CVEs