CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

244 matches found

CVE•added 2025/12/03 5:0 p.m.•17 views

CVE-2025-20384

CVE-2025-20384 affects Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.4, 10.0.2503.6, 9.3.2411.117.125. An unauthenticated attacker can inject ANSI escape codes into Splunk log files via improper validation at the /en-US/static/ endpoint, p...

5.3CVSS6.6AI score0.00339EPSS

Exploits1References1Affected Software2

CVE•added 2025/12/03 5:0 p.m.•10 views

CVE-2025-20385

CVE-2025-20385 affects Splunk Enterprise below 10.0.2, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.6, 10.0.2503.7, 9.3.2411.117. A high-privilege user (admin_all_objects) can craft a malicious payload via the href attribute of an anchor tag in a navigation bar collection, resul...

4.8CVSS6.6AI score0.00232EPSS

Exploits0References1Affected Software2

CNNVD•added 2025/12/03 12:0 a.m.•4 views

Splunk Cloud Platform和Splunk Enterprise 信息泄露漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. An information disclosure vulnerability exists...

4.3CVSS5.8AI score0.00261EPSS

Exploits0References2

Positive Technologies•added 2025/12/03 12:0 a.m.•4 views

PT-2025-48956

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125 Description An unauthenticated attacker can inject American National Standards Institut...

5.3CVSS6.7AI score0.00339EPSS

Exploits1References4

Positive Technologies•added 2025/12/03 12:0 a.m.•5 views

PT-2025-48961

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2 Splunk Enterprise versions 9.2.10 through 9.4.6 Splunk Enterprise versions 9.3.8 Splunk Secure Gateway app versions below 3.7.28 Splunk Secure Gateway app versions 3.8.58 and below Splunk Secure Gatew...

6.5CVSS6.2AI score0.00357EPSS

Exploits0References7

CNNVD•added 2025/12/03 12:0 a.m.•4 views

Splunk Cloud Platform和Splunk Enterprise 安全漏洞

5.3CVSS7.1AI score0.00339EPSS

Exploits1References2

CNNVD•added 2025/12/03 12:0 a.m.•3 views

Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞

5.4CVSS6.4AI score0.0019EPSS

Exploits0References2

CNNVD•added 2025/12/03 12:0 a.m.•4 views

Splunk Cloud Platform和Splunk Enterprise 跨站脚本漏洞

4.8CVSS6AI score0.00232EPSS

Exploits0References2

CNNVD•added 2025/12/03 12:0 a.m.•3 views

Splunk Cloud Platform和Splunk Enterprise 代码问题漏洞

2.7CVSS6.7AI score0.00315EPSS

Exploits0References2

Positive Technologies•added 2025/12/03 12:0 a.m.•7 views

PT-2025-48960

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116 Description A user with a role containing the change authentication high privilege capabili...

2.7CVSS6.4AI score0.00315EPSS

Exploits0References6

NVD•added 2025/11/12 6:15 p.m.•6 views

CVE-2025-20379

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...

3.5CVSS0.00246EPSS

Exploits0References1

NVD•added 2025/11/12 6:15 p.m.•7 views

CVE-2025-20378

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the returnto parameter of the Splunk Web login endpoint. When an authenticated user...

6.1CVSS0.00205EPSS

Exploits0References1

OSV•added 2025/11/12 6:15 p.m.•4 views

CVE-2025-20378

6.1CVSS5.8AI score0.00205EPSS

Exploits0References1

CVE•added 2025/11/12 5:22 p.m.•10 views

CVE-2025-20378

CVE-2025-20378 affects Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9 and Splunk Cloud Platform below 10.0.2503.5, 9.3.2411.111, 9.3.2408.121. An unauthenticated attacker can craft a malicious URL using the return_to parameter of the Splunk Web login endpoint; when an authenticated ...

6.1CVSS6.4AI score0.00205EPSS

Exploits0References1Affected Software2

CNNVD•added 2025/11/12 12:0 a.m.•4 views

Splunk Cloud Platform和Splunk Enterprise 信息泄露漏洞

3.5CVSS6.4AI score0.00246EPSS

Exploits0References1

CNNVD•added 2025/11/12 12:0 a.m.•2 views

Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞

6.1CVSS6.3AI score0.00205EPSS

Exploits0References1

Positive Technologies•added 2025/11/12 12:0 a.m.•11 views

PT-2025-46679

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1, 9.4.5, 9.3.7, and 9.2.9 Splunk Cloud Platform versions prior to 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121 Description An unauthenticated attacker could construct a malicious URL utilizing the retur...

6.1CVSS6.4AI score0.00205EPSS

Exploits0References6

Positive Technologies•added 2025/11/12 12:0 a.m.•9 views

PT-2025-46680

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1 Splunk Enterprise versions 9.2.9 through 9.4.5 Splunk Cloud Platform versions below 9.3.2411.116 Splunk Cloud Platform versions 9.3.2408.124 and below Splunk Cloud Platform versions below 10.0.2503.5...

3.5CVSS6.8AI score0.00246EPSS

Exploits0References6