Overview

  • Splunk
  • Splunk Enterprise

10 Jun 2026
Published
19 Jun 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
10.04%

Description

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.

Statistics

  • 5 Posts
  • 3 Interactions

Last activity: 6 hours ago

Fediverse

CVE-2026-20253 Splunk Vulnerability. Active exploitation is confirmed. CROs and Boards must prioritize this directive to secure enterprise assets and prevent privilege escalation. Review our latest C-SUITE intelligence brief now. thecybermind.co/xo4x

  • 0
  • 0
  • 0
  • 20h ago

📰 Splunk Scrambles to Patch Critical 9.8 CVSS Flaw Allowing Unauthenticated RCE

🚨 CRITICAL Splunk Enterprise flaw (CVE-2026-20253) allows unauthenticated RCE! CVSS 9.8. Attackers can execute code via an insecure PostgreSQL endpoint. On-premise versions 10.0.x and 10.2.x are vulnerable. Patch now! #Splunk #RCE #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/cr

  • 0
  • 0
  • 0
  • 18h ago

Here's a summary of recent geopolitical, technology, and cybersecurity news:

Geopolitical: Western allies pledged $4B military aid to Ukraine (June 18). US-Iran talks stalled, and a Lebanon ceasefire was agreed. France emphasized tech sovereignty, ditching US vendors.

Technology: Anthropic's Fable 5 AI model returned with restricted access after a government-forced shutdown.

Cybersecurity: An unpatchable 'usbliter8' exploit impacts Apple A12/A13 chips. A critical Splunk Enterprise vulnerability (CVE-2026-20253) is actively exploited; CISA urged urgent patching (June 19).

#Cybersecurity #Geopolitics #TechNews

  • 0
  • 0
  • 0
  • 18h ago

🚨 Attention Splunk Users: The Threat is Still Active!

Despite security advisories, recent scans reveal that thousands of global Splunk systems remain unpatched against CVE-2026-20253. Threat actors are already actively scanning for this critical flaw.

This dangerous multi-stage exploit abuses the PostgreSQL sidecar service, allowing attackers to achieve full Pre-Auth RCE with zero authentication.
👉 denizhalil.com/2026/06/15/cve-

#Cybersecurity #Splunk #Vulnerability #RCE #Infosec #ThreatIntel

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

A vulnerability in Splunk Enterprise (CVE-2026-20253) is under active exploitation with CISA mandating federal agencies to apply patches within three days to prevent unauthenticated remote code execution attacks.
  • 1
  • 2
  • 0
  • 18h ago

Overview

  • NI
  • grpc-device

19 Jun 2026
Published
19 Jun 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.

Statistics

  • 2 Posts

Last activity: 9 hours ago

Fediverse

CVE-2026-9142 - Critical RCE in Ni grpc-device. Insecure default credentials allow unauthenticated network access. CVSS 9.1. Update immediately. #CVE #infosec #cybersecurity

valtersit.com/cve/CVE-2026-914

  • 0
  • 0
  • 0
  • 23h ago

NI grpc-device ≤2.17.0 hit by CRITICAL vuln (CVE-2026-9142, CVSS 9.1) 🛡️ Missing authentication when TLS isn't set & server exposed beyond loopback. Unauthenticated LAN access possible. Mitigate by enabling TLS & restricting binding. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Microsoft
  • Microsoft Malware Protection Engine

16 Jun 2026
Published
19 Jun 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.34%

KEV

Description

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

Windows. New proof-of-concept exploit from Chaotic Eclipse (aka Nightmare Eclipse) for the RoguePlanet zero-day in Defender.

Microsoft confirms that the RoguePlanet zero-day affects Microsoft Defender and is tracked as CVE-2026-50656 (CVSS score of 7.8). The vulnerability allows privilege escalation via the Microsoft Malware Protection Engine.

github.com/MSNightmare/RoguePl

#Microsoft #Windows #ZeroDay #infosec

  • 1
  • 0
  • 0
  • 21h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

🚨 CVE-2026-47717: Dive into my deep technical analysis of the FUXA SCADA API logic flaw that allows unauthenticated attackers to leak critical project configurations and operational data.

Read the full analysis here: 👇 denizhalil.com/2026/06/19/cve-

#SCADA #infosec

  • 1
  • 0
  • 0
  • 21h ago

Overview

  • Linux
  • Linux

01 Jun 2026
Published
14 Jun 2026
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.14%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: reject userspace cifs.spnego descriptions

cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating inputs. However, userspace can also create keys of this type through request_key(2) or add_key(2), allowing those fields to be supplied without CIFS origin.

Only accept cifs.spnego descriptions while CIFS is using its private spnego_cred to request the key.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 20 hours ago

Fediverse

CIFSwitch (CVE-2026-46243) patched kernels are now in production for AlmaLinux 8, 9, and 10—verified by our community before release. almalinux.org/blog/2026-05-28-

  • 0
  • 1
  • 1
  • 20h ago

Overview

  • Bitnami
  • bitnami/cassandra

18 Jun 2026
Published
18 Jun 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path. Affected versions — Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

CVE-2026-47846 - Critical supply chain attack in Bitnami Cassandra containers. Default superuser cassandra:cassandra retained after custom admin setup. CVSS 9.8. Update all affected images immediately. #CVE #Bitnami #infosec

valtersit.com/cve/CVE-2026-478

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • eemitch
  • Simple File List

20 Jun 2026
Published
20 Jun 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFL_DeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The simplefilelist_edit_job AJAX action is registered via wp_ajax_nopriv_, making it accessible without authentication, and the is_admin() guard that would otherwise restrict access is bypassed because is_admin() always returns true for requests to the admin-ajax.php endpoint.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

CVE-2026-11911: HIGH severity path traversal in eemitch Simple File List (≤6.3.7). Unauth attackers can delete files via exposed AJAX action, risking RCE. Restrict admin-ajax.php or disable plugin. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • joomshaper.net
  • SP Page Builder extension for Joomla

20 Jun 2026
Published
20 Jun 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
Pending

KEV

Description

A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code upload and execution.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

CRITICAL vuln (CVSS 10) in Joomla SP Page Builder (1.0.0 – 6.6.1): CVE-2026-48908 enables unauthenticated PHP uploads, risking full compromise. No patch yet — restrict/disable extension, monitor activity. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • NLnet Labs
  • ldns

10 Jun 2026
Published
10 Jun 2026
Updated

CVSS v4.0
HIGH (8.2)
EPSS
0.15%

KEV

Description

NLnet Labs ldns 1.2.0 up to and including version 1.9.0, when used in applications as a (stub) resolver over UDP, does not match the query destination address and port against the response source address and port. Furthermore, neither the query ID nor the question of the query is matched with that of the response. This makes applications that use ldns for (stub) resolver functionality over UDP vulnerable to off-path poisoning attacks. The drill tool, which is shipped with ldns, suffers from this vulnerability.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

🛡️ CVE-2026-10846: openSUSE's ldns library allows DNS cache poisoning in stub resolver applications. Versions 1.2.0 to 1.9.0 affected. Learn more: -> tinyurl.com/2wacmj2d
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • crmperks
  • Database for Contact Form 7, WPforms, Elementor forms

20 Jun 2026
Published
20 Jun 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
Pending

KEV

Description

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the view_page function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Successful exploitation requires an administrator to view or edit the poisoned form entry, at which point PHP's bracket parser reshapes the attacker-crafted JSON key to bypass the stored-path isset check and trigger deletion of the traversal-specified file.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

CVE-2026-9843: HIGH severity (CVSS 8.1) path traversal in crmperks Database for Contact Form 7, WPforms, Elementor forms (≤1.5.1). Unauthenticated file deletion possible if admin interacts with malicious entries. Restrict access, monitor logs. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 7h ago