Most Exploited Internet-Facing Products

MEIFP

Back to Ranking

Splunk

Products: Splunk Cloud · Splunk Cloud Platform · Splunk Enterprise · Splunk Secure Gateway

40.6

Score

8

CVEs

1

Active

7

PoC

1

KEV

#58

Rank

Period:

Product:

CVE ID	Published	CVSS	Exploit	KEV	AC	PR	Auto	Score(hover)	Affected Products	Description
CVE-2026-20253	2026-06-10	9.8v3.1	ACTIVE		Low	None	YES	40.6	Splunk Enterprise	In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowi
CVE-2024-45732	2024-10-14	7.1v3.1	POC	—	Low	Low	no	0.0	Splunk Cloud PlatformSplunk Enterprise	In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user i
CVE-2024-45733	2024-10-14	8.8v3.1	POC	—	Low	Low	no	0.0	Splunk Enterprise	In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
CVE-2024-45734	2024-10-14	4.3v3.1	POC	—	Low	Low	no	0.0	Splunk Enterprise	In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed b
CVE-2024-45735	2024-10-14	4.3v3.1	POC	—	Low	Low	no	0.0	Splunk EnterpriseSplunk Secure Gateway	In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and
CVE-2024-45736	2024-10-14	6.5v3.1	POC	—	Low	Low	no	0.0	Splunk Cloud PlatformSplunk Enterprise	In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" param
CVE-2024-36984	2024-07-01	8.8v3.1	POC	—	Low	Low	no	0.0	Splunk Enterprise	In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. The attacker could use the query to execute arbitrary code.
CVE-2024-36991	2024-07-01	7.5v3.1	POC	—	Low	None	YES	0.0	Splunk Enterprise	In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

Each CVE: 10 pts base (Active only), boosted by:

KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3