top of page
ALL POSTS
Critical Splunk Enterprise Vulnerability Enables Unauthenticated Remote Code Execution
Key Findings Critical vulnerability CVE-2026-20253 in Splunk Enterprise rated 9.8 on CVSS scale allows unauthenticated remote code execution Flaw exists in PostgreSQL sidecar service endpoint lacking authentication controls on versions below 10.0.7 and 10.2.4 Attackers can exploit /v1/postgres/recovery/backup and /v1/postgres/recovery/restore endpoints to write arbitrary files and execute malicious code Splunk Cloud unaffected; Splunk Enterprise 10.4 not vulnerable No evidenc
Jun 132 min read
U.S. CISA Adds Critical Enterprise Software Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Findings CISA added Oracle PeopleSoft Enterprise PeopleTools vulnerability CVE-2026-35273 (CVSS 9.8) to its Known Exploited Vulnerabilities catalog following active exploitation by ShinyHunters CISA added Ivanti Sentry vulnerability CVE-2026-10520 (CVSS 10.0) to its Known Exploited Vulnerabilities catalog with a mandatory federal agency patching deadline of June 14, 2026 The Oracle flaw was exploited as a zero-day for nearly two weeks before vendor disclosure, affecting o
Jun 133 min read
Oracle Releases Emergency Patch for Critical RCE Vulnerability CVE-2026-21992 in Identity Manager
Key Findings Oracle released an emergency patch for CVE-2026-21992, a critical remote code execution vulnerability in Identity Manager and Web Services Manager The flaw has a CVSS score of 9.8 and requires no authentication, allowing attackers to execute code over HTTP Affected versions are Identity Manager 12.2.1.4.0 and 14.1.2.1.0, plus Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0 Oracle classified the vulnerability as "easily exploitable" with low complexity No
Mar 222 min read
Microsoft Releases Emergency Patch for Critical Office Vulnerability
Key Findings Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. The vulnerability is a security feature bypass that allows an unauthorized attacker to bypass security protections locally by sending a malicious Office file. Microsoft confirmed the Preview Pane is not an attack vector, but did not disclose technical details about the active exploits. Office 2021 and later are automa
Jan 272 min read
bottom of page
