| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-20203 | Improper Access Control in Data Model Acceleration in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 4.3 | 2026-04-15 15:17:56 | Deep Dive |
| CVE-2026-20204 | Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise | Splunk | Splunk Enterprise | High | 7.1 | 2026-04-15 15:17:54 | Deep Dive |
| CVE-2026-20202 | Improper Input Validation during User Account Creation in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 6.6 | 2026-04-15 15:17:44 | Deep Dive |
| CVE-2026-20163 | Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise | Splunk | Splunk Enterprise | High | 7.2 | 2026-03-11 16:18:27 | Deep Dive |
| CVE-2026-20162 | Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 6.3 | 2026-03-11 16:18:23 | Deep Dive |
| CVE-2026-20166 | Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.4 | 2026-03-11 16:18:17 | Deep Dive |
| CVE-2026-20164 | Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 6.5 | 2026-03-11 16:18:02 | Deep Dive |
| CVE-2026-20165 | Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 6.3 | 2026-03-11 16:17:54 | Deep Dive |
| CVE-2026-20139 | Client-Side Denial of Service (DoS) through '/splunkd/__raw/services/authentication/users/username' REST API endpoint in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 4.3 | 2026-02-18 16:45:32 | Deep Dive |
| CVE-2026-20144 | Sensitive Information Disclosure in '_internal' index in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 6.8 | 2026-02-18 16:45:24 | Deep Dive |
| CVE-2026-20137 | Risky Commands Safeguards Bypass through preloaded Data Models due to Path Traversal vulnerability in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 3.5 | 2026-02-18 16:45:18 | Deep Dive |
| CVE-2025-20388 | Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 2.7 | 2025-12-03 17:00:59 | Deep Dive |
| CVE-2025-20389 | Improper Input Validation in "label" column field in Splunk Secure Gateway App | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-12-03 17:00:55 | Deep Dive |
| CVE-2025-20383 | Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-12-03 17:00:36 | Deep Dive |
| CVE-2025-20384 | Unauthenticated Log Injection in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.3 | 2025-12-03 17:00:34 | Deep Dive |
| CVE-2025-20385 | Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 2.4 | 2025-12-03 17:00:30 | Deep Dive |
| CVE-2025-20382 | URL validation bypass through Views Dashboard in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 3.5 | 2025-12-03 17:00:22 | Deep Dive |
| CVE-2025-20379 | Risky command safeguards bypass using the "/services/streams/search" REST endpoint through "q" parameter in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 3.5 | 2025-11-12 17:23:01 | Deep Dive |
| CVE-2025-20378 | Open Redirect on Web Login endpoint in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 3.1 | 2025-11-12 17:22:57 | Deep Dive |
| CVE-2025-20368 | Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.7 | 2025-10-01 16:08:04 | Deep Dive |