Lucene search
K

26 matches found

Cvelist
Cvelist
added 2026/02/18 4:45 p.m.21 views

CVE-2026-20137 Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

3.5CVSS0.00222EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 6:15 p.m.2 views

CVE-2025-20379

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...

3.5CVSS5.8AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/12 5:23 p.m.8 views

CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...

3.5CVSS0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2023-27041

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00587EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-46562

Malicious code in bioql PyPI...

8CVSS7.8AI score0.00778EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-26920

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00773EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-51918

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2024/12/10 6:15 p.m.3 views

CVE-2024-53246

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, suc...

7.5CVSS5.7AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2024/12/10 6:15 p.m.22 views

CVE-2024-53244

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a...

5.7CVSS0.00464EPSS
Exploits0References1
NVD
NVD
added 2024/12/10 6:15 p.m.25 views

CVE-2024-53246

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, suc...

7.5CVSS0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/10 6:1 p.m.21 views

CVE-2024-53246 Sensitive Information Disclosure through SPL commands

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, suc...

5.3CVSS7.1AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2024/07/01 5:15 p.m.23 views

CVE-2024-36986

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics...

6.3CVSS0.00393EPSS
Exploits0References2
OSV
OSV
added 2024/07/01 5:15 p.m.4 views

CVE-2024-36986

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics...

5.7CVSS5.8AI score0.00393EPSS
Exploits0References2
CVE
CVE
added 2024/07/01 4:30 p.m.76 views

CVE-2024-36986

Summary of CVE-2024-36986 (Splunk) : An authenticated Splunk user can bypass SPL safeguards for risky commands in Analytics Workspace by abusing a Search ID query flow. Impact is that a low-privilege, phishing-recruited user can execute commands with higher-privilege permissions, potentially lead...

6.3CVSS5.9AI score0.00393EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2024/07/01 4:30 p.m.30 views

CVE-2024-36986 Risky command safeguards bypass through Search ID query in Analytics Workspace

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics...

6.3CVSS0.00393EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/27 4:15 p.m.23 views

CVE-2024-29946 Risky command safeguards bypass in Dashboard Examples Hub

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into...

8.1CVSS7AI score0.00773EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.3 views

Splunk 命令注入漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk...

8.1CVSS7.6AI score0.00773EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/02/16 12:0 a.m.36 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0205)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0205 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the display.page.search.patterns.sensitivity' search parameter...

8.8CVSS8AI score0.00613EPSS
Exploits0References2
OSV
OSV
added 2023/02/14 6:15 p.m.5 views

CVE-2023-22935

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects...

8.8CVSS5.8AI score0.00613EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.4 views

PT-2023-18778 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: The issue allows a search to bypass safeguards for risky commands using the...

8.8CVSS7.4AI score0.00613EPSS
Exploits0References6
Rows per page
Query Builder