Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20783 matches found

Tenable Nessus
Tenable Nessusadded 2026/02/19 12:0 a.m.3 views

Splunk Enterprise 9.2.0 < 9.2.12, 9.3.0 < 9.3.9, 9.4.0 < 9.4.8, 10.0.0 < 10.0.3 (SVD-2026-0205)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0205 advisory. - In Splunk Enterprise for Windows versions below 10.2.0, 10.0.3, 9.4.8, 9.3.9, and 9.2.12, a lowprivileged Windows user who ca...

7.5AI score
Exploits0References2
OSV
OSVadded 2026/02/18 6:24 p.m.2 views

CVE-2026-20144

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 10.2.2510.0, 10.1.2507.11, 10.0.2503.9, and 9.3.2411.120, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the the Splunk internal index coul...

4.9CVSS5.8AI score0.00363EPSS
Exploits0References1
OSV
OSVadded 2026/02/18 6:24 p.m.4 views

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

4.9CVSS5.8AI score0.0031EPSS
Exploits0References1
NVD
NVDadded 2026/02/18 6:24 p.m.4 views

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8CVSS0.0031EPSS
Exploits0References1
OSV
OSVadded 2026/02/18 6:24 p.m.3 views

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.The Monitoring...

6.5CVSS5.8AI score0.00187EPSS
Exploits0References1
OSV
OSVadded 2026/02/18 6:24 p.m.2 views

CVE-2026-20139

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References1
NVD
NVDadded 2026/02/18 6:24 p.m.5 views

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.The Monitoring...

6.5CVSS0.00187EPSS
Exploits0References1
OSV
OSVadded 2026/02/18 6:24 p.m.2 views

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

4.9CVSS5.8AI score0.0031EPSS
Exploits0References1
NVD
NVDadded 2026/02/18 6:24 p.m.5 views

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

6.8CVSS0.0031EPSS
Exploits0References1
NVD
NVDadded 2026/02/18 6:24 p.m.3 views

CVE-2026-20137

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky...

5.7CVSS0.00222EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/02/18 4:45 p.m.20 views

CVE-2026-20142 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8CVSS0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/18 4:45 p.m.5 views

CVE-2026-20142 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8CVSS5.5AI score0.0031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/18 4:45 p.m.4 views

CVE-2026-20142

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

6.8CVSS5.5AI score0.0031EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/02/18 4:45 p.m.14 views

CVE-2026-20142

Splunk Enterprise is affected in versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11. A user with access to the Splunk _internal index in a Search Head Cluster could read the RSA accessKey from Authentication.conf in plaintext, exposing highly sensitive credentials and impacting confidentiali...

6.8CVSS5.5AI score0.0031EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/02/18 4:45 p.m.20 views

CVE-2026-20138 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

6.8CVSS0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/18 4:45 p.m.3 views

CVE-2026-20138 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

6.8CVSS5.5AI score0.0031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/18 4:45 p.m.3 views

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

6.8CVSS5.5AI score0.0031EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/02/18 4:45 p.m.14 views

CVE-2026-20138

CVE-2026-20138 affects Splunk Enterprise: in SHC deployments, users with access to the _internal index could view integrationKey, secretKey, and appSecretKey generated by Duo for Splunk in plaintext. Affected versions are below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11. Impact: potential disclosur...

6.8CVSS5.5AI score0.0031EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/02/18 4:45 p.m.4 views

CVE-2026-20139 Client-Side Denial of Service (DoS) through ''/splunkd/__raw/services/authentication/users/username'' REST API endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...

4.3CVSS5.5AI score0.00248EPSS
Exploits0References1
CVE
CVEadded 2026/02/18 4:45 p.m.16 views

CVE-2026-20139

CVE-2026-20139 affects Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121. A low-privileged user (not admin/power) can craft a malicious payload into realname, tz, or email via the /spl...

4.3CVSS5.5AI score0.00248EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder