20747 matches found
CVE-2025-11621 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-MWGR-84FV-3JH9 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-FHC2-8QX8-6VJ7 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-6H4P-M86H-HHGH vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-6C5R-4WFC-3MCX vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
CVE-2025-6037 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-VP5W-XCFC-73WF vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-9G4H-H484-3578 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-QGJ7-FMQ2-6CC4 vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-V6R4-35F9-9RPW vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
GHSA-QV3P-FMV3-9HWW vulnerabilities
Vulnerabilities for packages: splunk-otel-collector-fips, splunk-otel-collector...
Exploit for Function Call With Incorrectly Specified Argument Value in Splunk
No d...
CVE-2025-20381
In Splunk MCP Server app versions below 0.2.4, a user with access to the "runsplunkquery" Model Context Protocol MCP tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities include several issues, including the ability for low-privileged users to create unauthorized dashboards, access sensitive information via mobile notifications, and the injection of ANSI escape...
Exploit for Improper Output Neutralization for Logs in Splunk
SPLUNK CVE-2025-20384 i dunno, i just read stuff my friendo s...
CVE-2025-20385
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...
CVE-2025-20389
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the...
CVE-2025-20383
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive...
CVE-2025-20388
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high privilege capability changeauthentication could enumerate internal IP addresses and network por...
CVE-2025-20384
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute ANSI escape codes into Splunk log files due to improper...