CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/10 5:16 p.m.•32 views

CVE-2026-20258

This CVE concerns Stored XSS in Splunk Enterprise and Splunk Cloud Platform via a classic dashboard HTML panel. A low-privileged user (not admin/power roles) can store a malicious script that executes in another user’s browser, triggered by a phishing-like action to initiate a request. Affected v...

Exploits0References1Affected Software1

EUVD•added 2026/06/10 5:16 p.m.•8 views

EUVD-2026-36089

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic...

Cvelist•added 2026/06/10 5:16 p.m.•29 views

CVE-2026-20258 Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise

7.1CVSS0.00174EPSS

CVE•added 2026/06/10 5:16 p.m.•16 views

CVE-2026-20257

CVE-2026-20257 affects Splunk Enterprise (versions below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, 9.3.2411.132). A low-privileged user without admin/power roles can craft a classic dashboard that exfiltrates sensitive data from the...

5.7CVSS5.5AI score0.00198EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/10 5:16 p.m.•28 views

CVE-2026-20257 Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise

5.7CVSS0.00198EPSS

EUVD•added 2026/06/10 5:16 p.m.•10 views

EUVD-2026-36085

5.7CVSS5.4AI score0.00198EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•11 views

PT-2026-48497

5.7CVSS5.4AI score0.00198EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•10 views

PT-2026-48498

Tenable Nessus•added 2026/06/10 12:0 a.m.•9 views

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0608)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0608 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11...

EUVD•added 2026/03/11 6:30 p.m.•3 views

EUVD-2026-11226

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload when creating a Vie...

NVD•added 2026/03/11 5:16 p.m.•3 views

CVE-2026-20162

6.3CVSS0.00201EPSS

CVE•added 2026/03/11 4:18 p.m.•10 views

CVE-2026-20162

Summary: CVE-2026-20162 is a Stored XSS in Splunk Enterprise before versions 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform before 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123. A low-privileged user can abuse the View creation endpoint (/manager/launcher/data/ui/views/_n...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/03/11 4:18 p.m.•2 views

CVE-2026-20162

Exploits0References2Affected Software2

Cvelist•added 2026/03/11 4:18 p.m.•27 views

CVE-2026-20162 Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise

6.3CVSS0.00201EPSS

Positive Technologies•added 2026/03/11 12:0 a.m.•5 views

PT-2026-24734

Tenable Nessus•added 2026/02/18 12:0 a.m.•5 views

Exploits0References4

Splunk Enterprise 9.2.0 < 9.2.9, 9.3.0 < 9.3.7, 9.4.0 < 9.4.5, 10.0.0 < 10.0.3 (SVD-2026-0202)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0202 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below...

5.7CVSS5.8AI score0.00222EPSS

Positive Technologies•added 2025/12/03 12:0 a.m.•4 views

PT-2025-48954

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120 Description A user with limited privileges, lacking administrator or power roles, can crea...

5.4CVSS6.3AI score0.0019EPSS

Exploits0References4

RedhatCVE•added 2025/11/13 6:0 p.m.•10 views

CVE-2025-20379

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using th...

3.5CVSS6.8AI score0.00246EPSS

OSV•added 2025/11/12 6:15 p.m.•1 views

CVE-2025-20379

3.5CVSS5.8AI score0.00246EPSS