splunk inc.
Latest CVEs
The 15 most recently published vulnerabilities affecting splunk inc..
- CVE-2025-20388Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise2.7
- CVE-2025-20389Improper Input Validation in "label" column field in Splunk Secure Gateway App4.3
- CVE-2025-20387Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade8.0
- CVE-2025-20383Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app4.3
- CVE-2025-20384Unauthenticated Log Injection in Splunk Enterprise5.3
- CVE-2025-20386Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade8.0
- CVE-2025-20385Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise2.4
- CVE-2025-20381SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool5.4
- CVE-2025-20382URL validation bypass through Views Dashboard in Splunk Enterprise3.5
- CVE-2025-20379Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise3.5
- CVE-2025-20378Open Redirect on Web Login endpoint in Splunk Enterprise3.1
- CVE-2025-20368Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise5.7
- CVE-2025-20371Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise7.5
- CVE-2025-20367Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise5.7
- CVE-2025-20370Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise4.9