Filter
-Infinity
0

Trending

Last week
Last month
Last year

SplunkSplunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.…

critical
10
First published (updated )
CVE-2017-17067

SplunkSplunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x…

critical
10
First published (updated )
CVE-2016-10126

SplunkSplunk Enterprise deployment servers allow client publishing of forwarder bundles

critical
10
First published (updated )
CVE-2022-32158

SplunkRemote Code Execution via Serialized Session Payload

critical
9.8
First published (updated )
CVE-2023-40595

SplunkIngest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation

critical
9.8
First published (updated )
CVE-2022-37437

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

SplunkPath Traversal

critical
9.3
First published (updated )
CVE-2013-6771

SplunkSplunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functiona…

critical
9.3
First published (updated )
CVE-2011-4644

SplunkSplunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default

critical
9.1
First published (updated )
CVE-2022-32151

SplunkCode Injection

critical
9
First published (updated )
CVE-2013-7394

SplunkSplunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL

high
8.8
First published (updated )
CVE-2023-40596

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

SplunkCommand Injection in Splunk Enterprise Using External Lookups

high
8.8
First published (updated )
CVE-2023-40598

SplunkDeserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition

high
8.8
EPSS
0.05%
First published (updated )
CVE-2024-23678

SplunkCommand Injection using External Lookups

high
8.8
First published (updated )
CVE-2024-36983

SplunkRemote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows

high
8.8
First published (updated )
CVE-2024-36984

Splunk EnterpriseRemote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise

high
8.8
First published (updated )
CVE-2024-36985

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

SplunkRemote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows

high
8.8
First published (updated )
CVE-2024-45733

SplunkHTTP Response Splitting via the ‘rest’ SPL Command

high
8.8
First published (updated )
CVE-2023-32708

Splunk‘edit_user’ Capability Privilege Escalation

high
8.8
Exploited
First published (updated )
CVE-2023-32707

SplunkXEE

high
8.8
First published (updated )
CVE-2010-3322

SplunkPath Traversal in search parameter results in external content injection

high
8.8
First published (updated )
CVE-2022-26889

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

SplunkLocal privilege escalation via a default path in Splunk Enterprise Windows

high
8.8
First published (updated )
CVE-2021-42743

SplunkReflected XSS in a query parameter of the Monitoring Console

high
8.8
First published (updated )
CVE-2022-27183

SplunkRisky command safeguards bypass via rex search command field names in Splunk Enterprise

high
8.8
First published (updated )
CVE-2022-43563

SplunkRisky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise

high
8.8
First published (updated )
CVE-2022-43565

SplunkRemote Code Execution through dashboard PDF generation component in Splunk Enterprise

high
8.8
First published (updated )
CVE-2022-43571

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

SplunkReflected Cross-Site Scripting via the radio template in Splunk Enterprise

high
8.8
First published (updated )
CVE-2022-43568

SplunkXML External Entity Injection through a custom View in Splunk Enterprise

high
8.8
First published (updated )
CVE-2022-43570

SplunkRemote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature

high
8.8
First published (updated )
CVE-2022-43567

SplunkSPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise

high
8.8
First published (updated )
CVE-2023-22935

SplunkSPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise

high
8.8
First published (updated )
CVE-2023-22939

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203