Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-46612

Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.23.0 CVE
HIGH 8.1 CVE-2026-45062

FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.o...

php frankenphp >= 1.11.2, < 1.12.3 CVE
MEDIUM 4.3 CVE-2026-20260

Log Injection through HTTP Request Paths in Splunk SOAR

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National ...

Splunk Splunk SOAR 8.5 CVE
MEDIUM 5.5 CVE-2026-20259

Improper Access Control in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507....

Splunk Splunk Enterprise 10.2 CVE
HIGH 7.1 CVE-2026-20258

Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2...

Splunk Splunk Enterprise 10.2 CVE
MEDIUM 5.7 CVE-2026-20257

Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2...

Splunk Splunk Enterprise 10.2 CVE
MEDIUM 5.7 CVE-2026-20256

Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2...

Splunk Splunk Enterprise 10.2 CVE
MEDIUM 5.7 CVE-2026-20255

Improper Input Validation through Classic Dashboards in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2...

Splunk Splunk Enterprise 10.2 CVE
MEDIUM 5.7 CVE-2026-20254

Information Disclosure through External Content Restriction Bypass in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2...

Splunk Splunk Enterprise 10.2 CVE
CRITICAL 9.8 CVE-2026-20253

Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated us...

Splunk Splunk Enterprise 10.2 CVE