📄 Splunk Enterprise 8.2.9 / 9.0.2 Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. An attacker can inject arbitrary Python code into style parameters, such as the fillColor or lineColor of a sparkline element within a Splunk SimpleXML dashboard. The malicious code is executed when a user...

CVE-2021-33845

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors...

CVE-2022-26070

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0...

CVE-2021-31559

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders...

CVE-2013-6870

Cross-site scripting XSS vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-6773

Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges...

CVE-2013-6772

Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking...

GHSA-9G4H-H484-3578 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

CVE-2025-11621 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

GHSA-QV3P-FMV3-9HWW vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

GHSA-MWGR-84FV-3JH9 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

GHSA-MR4H-QF9J-F665 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

GHSA-FHC2-8QX8-6VJ7 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

GHSA-6H4P-M86H-HHGH vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

GHSA-V6R4-35F9-9RPW vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

CVE-2025-6014 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

CVE-2025-6015 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

CVE-2025-12044 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

GHSA-7RX2-769V-HRWF vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...

CVE-2025-5999 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector...