CVE-2026-20166 Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover...

CVE-2026-20166

CVE-2026-20166 affects Splunk Enterprise and Splunk Cloud Platform where a low-privilege user (not admin/power) could retrieve the Observability Cloud API access token via the Discover Splunk Observability Cloud app due to improper access control. Affected: Splunk Enterprise < 10.2.1 and < ...

EUVD-2025-2894

Malicious code in bioql PyPI...

EUVD-2023-36942

Malicious code in bioql PyPI...

EUVD-2023-36940

Malicious code in bioql PyPI...

EUVD-2025-8428

Malicious code in bioql PyPI...

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20233 Incorrect permissions set by the “chmod“ and “makedirs“ Python functions in Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVE-2025-20233

CVE-2025-20233 concerns the Splunk App for Lookup File Editing (pre-4.0.5). A script uses Python’s chmod and makedirs in a way that yields overly broad read and execute permissions, causing improper access control for a low-privileged user. The provided documents do not specify a remediation. Mon...

CVE-2025-20233 Incorrect permissions set by the “chmod“ and “makedirs“ Python functions in Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

The vulnerability of the Splunk App for SOAR software lies in its insecure management of privileges, allowing attackers to elevate their privileges.

The vulnerability of the Splunk App for SOAR software relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

CVE-2025-22621

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the adminallobjects capability to the splunkappsoar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...

CVE-2025-22621 Privilege escalation for users who hold the “splunk_app_soar“ role in the Splunk App for SOAR

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the adminallobjects capability to the splunkappsoar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...

CVE-2025-22621 Privilege escalation for users who hold the “splunk_app_soar“ role in the Splunk App for SOAR

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the adminallobjects capability to the splunkappsoar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...

CVE-2025-22621

CVE-2025-22621 affects Splunk App for SOAR, versions 1.0.67 and lower. The root cause is a documentation-guided addition of the admin_all_objects capability to the splunk_app_soar role, potentially granting high-privilege access to a low-privileged user and compromising access control. The CVE is...

PT-2025-4607 · Splunk · Splunk App For Soar

Name of the Vulnerable Software and Affected Versions: Splunk App for SOAR versions 1.0.67 and lower Description: The issue is related to improper access control. In the affected versions of the Splunk App for SOAR, the documentation recommended adding the admin all objects capability to the splu...

The vulnerability of the Splunk App for Lookup File Editing application, which exists due to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Splunk App for Lookup File Editing application exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting attacks remotely...

CVE-2023-32713

In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user...