Lucene search
+L
SplunkSplunk Cloud Platform

106 matches found

cve
cve
added 2026/03/11 4:18 p.m.18 views

CVE-2026-20162

Summary: CVE-2026-20162 is a Stored XSS in Splunk Enterprise before versions 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform before 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123. A low-privileged user can abuse the View creation endpoint (/manager/launcher/data/ui/views/_n...

6.3CVSS5.9AI score0.00201EPSS
Web
cve
cve
added 2025/10/01 4:7 p.m.15 views

CVE-2025-20366

CVE-2025-20366 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power roles) can access sensitive search results if an administrative search job runs in the background and the user guesses the job’s unique SID, potentially exposing confidential data. Affected ...

6.5CVSS6.1AI score0.0041EPSS
cve
cve
added 2025/11/12 5:22 p.m.15 views

CVE-2025-20378

CVE-2025-20378 affects Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9 and Splunk Cloud Platform below 10.0.2503.5, 9.3.2411.111, 9.3.2408.121. An unauthenticated attacker can craft a malicious URL using the return_to parameter of the Splunk Web login endpoint; when an authenticated ...

6.1CVSS6.4AI score0.0023EPSS
cve
cve
added 2025/12/03 5:0 p.m.15 views

CVE-2025-20388

CVE-2025-20388 affects Splunk Enterprise and Splunk Cloud Platform. A user with a role that has the high-privilege capability change_authentication could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. Affected v...

2.7CVSS6.3AI score0.00327EPSS
cve
cve
added 2025/10/01 4:7 p.m.13 views

CVE-2025-20369

The CVE-2025-20369 affects Splunk Enterprise and Splunk Cloud Platform. A low-privilege user not in admin/power roles can perform an XML External Entity (XXE) injection via the dashboard tab label field, potentially enabling Denial of Service (DoS). Affected versions include Splunk Enterprise &lt...

6.5CVSS6.8AI score0.00284EPSS
cve
cve
added 2026/03/11 4:17 p.m.13 views

CVE-2026-20165

CVE-2026-20165 affects Splunk Enterprise and Splunk Cloud Platform where a low-privileged user (not admin/power role) could access sensitive information by inspecting the job search log due to improper access control in the MongoClient logging channel. Impact is limited to confidential and integr...

6.5CVSS5.8AI score0.00166EPSS
Total number of security vulnerabilities106