20755 matches found

RedhatCVE
added 2025/12/02 12:22 p.m. | 5 views

CVE-2025-20373

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

2.7 CVSS | 6.6 AI score | 0.00034 EPSS
Exploits: 0 | References: 1
OSV
added 2025/12/01 8:38 p.m. | 6 views

BIT-FLUENT-BIT-2025-12977 CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

9.1 CVSS | 6.9 AI score | 0.00094 EPSS
Exploits: 0 | References: 3
NVD
added 2025/11/26 6:15 p.m. | 3 views

CVE-2025-20373

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

2.7 CVSS | 0.00034 EPSS
Exploits: 0 | References: 1
CVE
added 2025/11/26 5:59 p.m. | 8 views

CVE-2025-20373

CVE-2025-20373 affects the Splunk Add-on for Palo Alto Networks (versions below 2.0.2). The issue is that client secrets are exposed in plaintext in the _internal index during the addition of new “Data Security Accounts.” Exploitation would require local access to log files or administrative acce...

2.7 CVSS | 6.2 AI score | 0.00034 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/26 5:59 p.m. | 2 views

CVE-2025-20373 Sensitive Information Disclosure in “_internal” index through Splunk Add-On for Palo Alto Networks

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

2.7 CVSS | 6.2 AI score | 0.00034 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/11/26 5:59 p.m. | 8 views

CVE-2025-20373 Sensitive Information Disclosure in “_internal” index through Splunk Add-On for Palo Alto Networks

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

2.7 CVSS | 0.00034 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/11/26 12:0 a.m. | 2 views

Splunk Add-on for Palo Alto Networks log information disclosure vulnerability

Splunk Add-on for Palo Alto Networks is an add-on from Splunk, Inc. A log message disclosure vulnerability exists in Splunk Add-on for Palo Alto Networks versions prior to 2.0.2, which stems from exposing client keys in plaintext...

2.7 CVSS | 6.5 AI score | 0.00034 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/26 12:0 a.m. | 1 view

PT-2025-48163

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the internal index during the addition of new “Data Security Accounts”. The vulnerability would require either local access to the log files or administrative access to internal indexe...

2.7 CVSS | 6.6 AI score | 0.00034 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/25 3:8 p.m. | 3 views

CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

9.1 CVSS | 6.9 AI score | 0.00094 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/11/24 3:30 p.m. | 2 views

EUVD-2025-198811

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

9.1 CVSS | 6.5 AI score | 0.00094 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/11/24 3:30 p.m. | 1 view

EUVD-2025-198807

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4 CVSS | 6.6 AI score | 0.00196 EPSS
Exploits: 0 | References: 2
OSV
added 2025/11/24 3:15 p.m. | 3 views

CVE-2025-12978

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4 CVSS | 7 AI score
Exploits: 0 | References: 1
OSV
added 2025/11/24 3:15 p.m. | 4 views

AZL-71102 CVE-2025-12977 affecting package fluent-bit for versions less than 3.1.10-4

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

9.1 CVSS | 5.8 AI score | 0.00094 EPSS
Exploits: 0 | References: 1
OSV
added 2025/11/24 3:15 p.m. | 5 views

AZL-71080 CVE-2025-12977 affecting package fluent-bit for versions less than 3.0.6-6

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

9.1 CVSS | 5.8 AI score | 0.00094 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/24 2:42 p.m. | 2 views

CVE-2025-12978 CVE-2025-12978

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

6.7 AI score | 0.00196 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/11/24 2:40 p.m. | 7 views

CVE-2025-12977 CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

0.00094 EPSS
Exploits: 0 | References: 2
CVE
added 2025/11/24 2:40 p.m. | 21 views

CVE-2025-12977

Fluent Bit vulnerability CVE-2025-12977 affects the in_http, in_splunk, and in_elasticsearch input plugins. The root cause is improper sanitization of tag_key inputs, allowing special characters (e.g., newlines, ../) to be treated as valid tags. This can lead to newline injection, path traversal,...

9.1 CVSS | 6.6 AI score | 0.00094 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/11/24 2:40 p.m. | 3 views

CVE-2025-12977 CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

6.6 AI score | 0.00094 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/24 12:0 a.m. | 0 views

PT-2025-47923

Name of the Vulnerable Software and Affected Versions: Fluent Bit (affected versions not specified). Description: The in_http, in_splunk, and in_elasticsearch input plugins in Fluent Bit do not properly sanitize tag_key inputs. An attacker who can access the network or write records to Splunk...

9.4 CVSS | 6.7 AI score | 0.00094 EPSS
Exploits: 0 | References: 15
RedhatCVE
added 2025/11/13 6:0 p.m. | 8 views

CVE-2025-20379

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using th...

3.5 CVSS | 6.8 AI score | 0.00029 EPSS
Exploits: 0 | References: 1