Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-20240
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-05-20
CVE-2026-9087
A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-05-20
CVE-2026-44923
SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-20
CVE-2026-44924
InfoScale VIOM 9.1.3 allows XSS.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-05-20
CVE-2026-44925
Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-05-20
CVE-2026-8486
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
CVSS Score
5.3
EPSS Score
0.002
Published
2026-05-20
CVE-2026-8487
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-05-20
CVE-2026-8488
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-05-20
CVE-2025-32750
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-20
CVE-2026-8485
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-05-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved