84 matches found
CVE-2026-20296
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...
CVE-2026-20296
The provided records identify CVE-2026-20296 as a CSRF-based bypass in Splunk Deployment Server within Splunk Enterprise and Splunk Cloud Platform. Affected versions are Splunk Enterprise below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform below 10.5.2605.0, 10.4.2604.7, 10.3.2512...
CVE-2026-20296 SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...
EUVD-2026-44737
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...
CVE-2026-20296
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...
PT-2026-60233
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Cloud Platform versions prior to 10.5.2605.0 Splunk Cloud Platfo...
EUVD-2019-1525
Malware in sbrugna...
EUVD-2019-10040
Malware in sbrugna...
EUVD-2009-3092
Malware in sbrugna...
EUVD-2019-9864
Malware in sbrugna...
EUVD-2024-33579
Malicious code in bioql PyPI...
EUVD-2022-53395
Malicious code in bioql PyPI...
CVE-2025-5352
CVE-2025-5352 describes a critical stored XSS in Lunary Analytics; the NEXT_PUBLIC_CUSTOM_SCRIPT environment variable is injected into the DOM via dangerouslySetInnerHTML without sanitization in Lunary versions
Ollama 安全漏洞
Ollama is an Ollama open source large-scale language model that can be started and run locally. A security vulnerability exists in Ollama versions prior to 0.1.46, which stems from a path traversal vulnerability in the api/push routing, leading to the exposure of files on the deployment server...
The vulnerability of the SplunkDeploymentServerConfig component of the Splunk Enterprise platform for operational analytics allows a perpetrator to disclose protected information.
The vulnerability of the Splunk Enterprise platform for operational analysis is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to disclose sensitive information that is protected by the system...
CVE-2024-45732
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk use...
PT-2024-7156 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise version 9.2.0 through 9.2.3 Splunk Cloud Platform versions prior to 9.2.2403.103 Splunk Cloud Platform versions 9.1.2312.200 through 9.1.2312.110 Splunk Cloud Platform version...
Vulnerabilities fixed in Splunk products
Vulnerabilities have been fixed in Splunk products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Bypassing authentication Bypassing security measure Remote code execution Administrator/Root rights Accessing...
CVE-2022-32157
Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients...
Splunk 安全漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...