CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20783 matches found

Circl•added 2026/06/11 12:32 a.m.•7 views

CVE-2026-20258

creationtimestamp| type| source ---|---|--- 2026-06-11 00:32:43+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-prodotti-splunk-3 2026-06-11 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/splunk-products-multiple-vulnerabilities20260612...

7.1CVSS4.9AI score0.00174EPSS

Exploits0References2

NVD•added 2026/06/10 6:16 p.m.•12 views

CVE-2026-20256

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...

5.7CVSS0.00252EPSS

Exploits0References1

NVD•added 2026/06/10 6:16 p.m.•11 views

CVE-2026-20257

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrate...

5.7CVSS0.00198EPSS

Exploits0References1

NVD•added 2026/06/10 6:16 p.m.•10 views

CVE-2026-20258

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic...

7.1CVSS0.00174EPSS

Exploits0References1

NVD•added 2026/06/10 6:16 p.m.•12 views

CVE-2026-20255

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...

5.7CVSS0.00245EPSS

Exploits0References1

NVD•added 2026/06/10 6:16 p.m.•9 views

CVE-2026-20259

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...

5.5CVSS0.00189EPSS

Exploits0References1

NVD•added 2026/06/10 6:16 p.m.•10 views

CVE-2026-20260

In Splunk SOAR Security Orchestration, Automation, and Response versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute ANSI escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might...

4.3CVSS0.00199EPSS

Exploits0References1

NVD•added 2026/06/10 6:16 p.m.•13 views

CVE-2026-20252

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to...

7.6CVSS0.00255EPSS

Exploits0References1

NVD•added 2026/06/10 6:16 p.m.•9 views

CVE-2026-20254

5.7CVSS0.00247EPSS

Exploits0References1

NVD•added 2026/06/10 6:16 p.m.•13 views

CVE-2026-20251

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or...

8.8CVSS0.00575EPSS

Exploits0References1

NVD•added 2026/06/10 6:16 p.m.•216 views

CVE-2026-20253

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls,...

9.8CVSS0.10035EPSS

Exploits2References3

EUVD•added 2026/06/10 5:16 p.m.•6 views

EUVD-2026-36089

7.1CVSS5.7AI score0.00174EPSS

Exploits0References1

Cvelist•added 2026/06/10 5:16 p.m.•27 views

CVE-2026-20258 Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise

7.1CVSS0.00174EPSS

Exploits0References1

CVE•added 2026/06/10 5:16 p.m.•24 views

CVE-2026-20258

This CVE concerns Stored XSS in Splunk Enterprise and Splunk Cloud Platform via a classic dashboard HTML panel. A low-privileged user (not admin/power roles) can store a malicious script that executes in another user’s browser, triggered by a phishing-like action to initiate a request. Affected v...

7.1CVSS5.7AI score0.00174EPSS

Exploits0References1Affected Software1

EUVD•added 2026/06/10 5:16 p.m.•7 views

EUVD-2026-36088

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.The vulnerability exists because the PostgreSQL sidecar...

9.8CVSS5.6AI score0.10035EPSS

Exploits2References1

Cvelist•added 2026/06/10 5:16 p.m.•30 views

CVE-2026-20253 Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise

9.8CVSS0.10035EPSS

Exploits2References1

CVE•added 2026/06/10 5:16 p.m.•184 views

CVE-2026-20253

Summary: CVE-2026-20253 affects Splunk Enterprise and Splunk Cloud Platform due to an unauthenticated PostgreSQL sidecar service endpoint that can create or truncate arbitrary files when exposed on the network. Affected software/versions (per sources): Splunk Enterprise < 10.2.4 and < 10.0....

9.8CVSS5.8AI score0.10035EPSS

In wildExploits2References3Affected Software1