Where
-Infinity
0

Trending

Last week
Last month
Last year

Splunk splunkUnauthenticated Log Injection in Splunk Enterprise

Risk 27
Severity
5.3
First published (updated )
CVE-2025-20384

Splunk splunkStored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise

Risk 29
Severity
4.8
First published (updated )
CVE-2025-20385

Splunk splunkURL validation bypass through Views Dashboard in Splunk Enterprise

Risk 34
Severity
5.4
First published (updated )
CVE-2025-20382

Splunk EnterpriseUnauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise

Risk 77
Severity
8.8
First published (updated )
CVE-2025-20371

Splunk Splunk Cloud PlatformReflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component

Risk 34
Severity
5.4
First published (updated )
CVE-2025-20297
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk Splunk Cloud PlatformRisky Command Safeguards Bypass in “/app/search/search“ endpoint through “s“ parameter in Splunk Enterprise

Risk 33
Severity
5.7
First published (updated )
CVE-2025-20232

Splunk splunkMaintenance mode state change of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise

Risk 37
Severity
6.5
First published (updated )
CVE-2025-20228

Splunk Cloud PlatformInformation Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio

Risk 22
Severity
4.3
First published (updated )
CVE-2025-20227

Splunk Splunk Cloud PlatformRisky command safeguards bypass in “/services/streams/search“ endpoint through “q“ parameter in Splunk Enterprise

Risk 33
Severity
5.7
First published (updated )
CVE-2025-20226

Splunk Splunk Cloud PlatformRisky command safeguards bypass in “/en-US/app/search/report“ endpoint through “s“ parameter

Risk 33
Severity
5.7
First published (updated )
CVE-2024-53244
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk Splunk Cloud PlatformSensitive Information Disclosure through SPL commands

Risk 43
Severity
7.5
First published (updated )
CVE-2024-53246

Splunk Splunk Cloud PlatformInformation Disclosure due to Username Collision with a Role that has the same Name as the User

Risk 22
Severity
4.3
First published (updated )
CVE-2024-53245

Splunk splunkMaintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF)

Risk 22
Severity
4.3
First published (updated )
CVE-2024-45737

Splunk Splunk Cloud PlatformLow-privileged user could run search as nobody in SplunkDeploymentServerConfig app

Risk 48
Severity
7.1
First published (updated )
CVE-2024-45732

Splunk splunkImproperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon

Risk 38
Severity
6.5
First published (updated )
CVE-2024-45736
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk splunkPersistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise

Risk 34
Severity
5.4
First published (updated )
CVE-2024-45741

Splunk splunkPersistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise

Risk 34
Severity
5.4
First published (updated )
CVE-2024-45740

Splunk splunkImproper Access Control for low-privileged user in Splunk Secure Gateway App

Risk 22
Severity
4.3
First published (updated )
CVE-2024-45735

Splunk splunkPersistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint

Risk 54
Severity
8.1
First published (updated )
CVE-2024-36997

Splunk splunkPersistent Cross-site Scripting (XSS) in Web Bulletin

Risk 34
Severity
5.4
First published (updated )
CVE-2024-36993
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk splunkLow-privileged user could create experimental items

Risk 34
Severity
5.4
First published (updated )
CVE-2024-36995

Splunk splunkDenial of Service through null pointer reference in “cluster/config” REST endpoint

Risk 43
Severity
7.5
First published (updated )
CVE-2024-36982

Splunk splunkDenial of Service (DoS) on the datamodel/web REST endpoint

Risk 38
Severity
6.5
First published (updated )
CVE-2024-36990

Splunk splunkPersistent Cross-site Scripting (XSS) in Dashboard Elements

Risk 34
Severity
5.4
First published (updated )
CVE-2024-36992

Splunk splunkRisky command safeguards bypass through Search ID query in Analytics Workspace

Risk 43
Severity
6.3
First published (updated )
CVE-2024-36986
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Splunk splunkCommand Injection using External Lookups

Risk 79
Severity
8.8
First published (updated )
CVE-2024-36983

Splunk splunkInformation Disclosure of user names

Risk 27
Severity
5.3
First published (updated )
CVE-2024-36996

Splunk splunkPersistent Cross-site Scripting (XSS) in Dashboard Elements

Risk 34
Severity
5.4
First published (updated )
CVE-2024-36994

Splunk splunkLow-privileged user could create notifications in Splunk Web Bulletin Messages

Risk 48
Severity
7.1
First published (updated )
CVE-2024-36989

Splunk splunkInsecure File Upload in the indexing/preview REST endpoint

Risk 38
Severity
6.5
First published (updated )
CVE-2024-36987
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203