Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.9 CRITICAL
CVE-2026-50563 — Fission Container Executor Function PodSpec Injection Leading to Node Escape

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor pat…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.9 CRITICAL
CVE-2026-50545 — Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.pod…

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.5 HIGH
CVE-2026-49824 — Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission w…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-49823 — Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission we…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries …

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-49822 — Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenan…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who co…

Remote | Information Disclosure
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.7 HIGH
CVE-2026-49821 — Fission: Cross-namespace Environment reference in Package allows build-time command execu…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller …

Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.1 MEDIUM
CVE-2026-46642 — draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. …

drawio | Remote | Cross-Site Scripting
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
6.9 MEDIUM
CVE-2026-46618 — Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command,…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security swee…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.7 HIGH
CVE-2026-46617 — Fission runtime pods automount the fission-fetcher service-account token into the user fu…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were create…

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.8 CRITICAL
CVE-2026-46614 — Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing inv…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an …

Remote | Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.8 HIGH
CVE-2026-46612 — Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function ar…

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component…

Remote | Authentication
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
8.1 HIGH
CVE-2026-45062 — FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Fil…

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the req…

frankenphp | Remote | Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
4.3 MEDIUM
CVE-2026-20260 — Log Injection through HTTP Request Paths in Splunk SOAR

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR ap…

soar | Injection
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.5 MEDIUM
CVE-2026-20259 — Improper Access Control in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds…

| Authorization
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
7.1 HIGH
CVE-2026-20258 — Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…

| Cross-Site Scripting
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.7 MEDIUM
CVE-2026-20257 — Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…

| Server-Side Request Forgery
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.7 MEDIUM
CVE-2026-20256 — Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk E…

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…

| Information Disclosure
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.7 MEDIUM
CVE-2026-20255 — Improper Input Validation through Classic Dashboards in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…

| Server-Side Request Forgery
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
5.7 MEDIUM
CVE-2026-20254 — Information Disclosure through External Content Restriction Bypass in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…

| Server-Side Request Forgery
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
9.8 CRITICAL
CVE-2026-20253 — Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service En…

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through …

| Misconfiguration
Jun 10, 2026 Jun 10, 2026
Jun 10, 2026
Jun 10, 2026
Showing 20 of 7468 Results