Piotr (@chudyPB)

2 exploits, active since Dec 2025
CVE-2025-52691 NOMISEC CRITICAL SCANNER
SmarterMail < 100.0.9413 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
17 stars
CVSS 10.0
CVE-2026-20253 GITHUB CRITICAL python SCANNER
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
1 star
CVSS 9.8