Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2025-22621 | In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles. | 6.4 | 0.25% | 2025-01-07 | 2026-04-15 |
| CVE-2025-0367 | In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack. | 6.5 | 0.47% | 2025-01-30 | 2026-04-15 |
| CVE-2024-53247 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE). | 8.8 | 1.08% | 2024-12-10 | 2026-04-15 |
| CVE-2024-53243 | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. | 4.3 | 0.30% | 2024-12-10 | 2026-04-15 |
| CVE-2022-32156 | In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not aff | 8.1 | 0.74% | 2022-06-15 | 2026-02-25 |
| CVE-2024-53252 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-53251 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-53250 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-53249 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-53248 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-45743 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-45742 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-45730 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-45729 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-45728 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-45727 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-45726 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-45725 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-45724 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |
| CVE-2024-36998 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | N/A | 2026-01-22 | 2026-01-22 |