Splunk cloud platform
This hub aggregates every CVE we track for Splunk cloud platform, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
68
CVEs tracked
0
Critical
19
High
0
In CISA KEV
Severity distribution
MEDIUM42HIGH19LOW7
Monthly trend
0
0
6
0
0
0
0
5
0
0
1
6
0
0
6
2
6
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Splunk cloud platform.
- CVE-2025-20388Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise2.7
- CVE-2025-20389Improper Input Validation in "label" column field in Splunk Secure Gateway App4.3
- CVE-2025-20383Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app4.3
- CVE-2025-20384Unauthenticated Log Injection in Splunk Enterprise5.3
- CVE-2025-20385Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise2.4
- CVE-2025-20382URL validation bypass through Views Dashboard in Splunk Enterprise3.5
- CVE-2025-20379Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise3.5
- CVE-2025-20378Open Redirect on Web Login endpoint in Splunk Enterprise3.1
- CVE-2025-20368Stored Cross-Site Scripting (XSS) through missing field warning messages in Saved Search and Job Inspector on Splunk Enterprise5.7
- CVE-2025-20371Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise7.5
- CVE-2025-20367Reflected Cross-site Scripting (XSS) in '/app/search/table' endpoint through the 'dataset.command' parameter on Splunk Enterprise5.7
- CVE-2025-20370Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise4.9
- CVE-2025-20366Improper Access Control in Background Job Submission in Splunk Enterprise6.5
- CVE-2025-20369Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise4.6
- CVE-2025-20322Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise4.3
Product normalization is registry-driven with AI assist and human review. How it works