Lucene search
K

220 matches found

Snyk
Snyk
added 2025/10/07 2:43 p.m.7 views

Insufficiently Protected Credentials

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the CrowdStrike connector. An attacker can obtain CrowdStrike credentials by accessing...

5.4CVSS7.1AI score0.00232EPSS
Exploits0References2
NVD
NVD
added 2025/10/07 2:15 p.m.7 views

CVE-2025-37728

Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access...

5.4CVSS0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 1:54 p.m.7 views

EUVD-2025-32872

Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access...

5.4CVSS6.3AI score0.00232EPSS
Exploits0References2
CVE
CVE
added 2025/10/07 1:54 p.m.29 views

CVE-2025-37728

Kibana CrowdStrike Connector vulnerability CVE-2025-37728 involves insufficient protection of CrowdStrike credentials, enabling a malicious user to access cached credentials across spaces within a Kibana instance. Affected: Kibana CrowdStrike Connector in Kibana 7.x–9.1.x with exposed API credent...

5.4CVSS6.5AI score0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/07 1:54 p.m.15 views

CVE-2025-37728 Kibana Insufficiently Protected Credentials in the CrowdStrike Connector

Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access...

5.4CVSS0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/07 1:54 p.m.2 views

CVE-2025-37728 Kibana Insufficiently Protected Credentials in the CrowdStrike Connector

Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connector in a space to which they have access...

5.4CVSS6.5AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.5 views

PT-2025-40996

Name of the Vulnerable Software and Affected Versions Kibana versions 7.x through 7.17.29 Kibana versions 8.18.0 through 8.18.7 Kibana versions 8.19.0 through 8.19.4 Kibana versions 9.0.0 through 9.0.7 Kibana versions 9.1.0 through 9.1.4 Description A security issue exists in the Kibana CrowdStri...

5.4CVSS5.4AI score0.00232EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/10/07 12:0 a.m.4 views

Elastic Kibana 安全漏洞

Elastic Kibana is an available data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that stems from insufficient credential protection in the Crowdstrike connector, which could lead to credential disclosure...

5.4CVSS5.6AI score0.00232EPSS
Exploits0References2
Elastic
Elastic
added 2025/10/06 4:44 p.m.15 views

Kibana - Crowdstrike Connector 8.18.8, 8.19.5, 9.0.8, and 9.1.5 Security Update (ESA-2025-19)

Kibana Insufficiently Protected Credentials in the CrowdStrike Connector ESA-2025-19 Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from an Elastic Crowdstrike connector in another...

5.4CVSS6.8AI score0.00232EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2022-35075

Malicious code in bioql PyPI...

2.7CVSS3.7AI score0.03672EPSS
Exploits4References5
HackRead
HackRead
added 2025/09/16 12:0 p.m.5 views

Seraphic Browser-Native Protection Now Available for Purchase on the CrowdStrike Marketplace

Las Vegas, United States, 16th September 2025, CyberNewsWire...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/16 7:56 a.m.5 views

Malicious code in remark-preset-lint-crowdstrike (npm)

Suspicious postinstall script executes a file with excessive bitwise math. Likely malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 165b629be2876c01b20135bbf391a92b4ae66e6645b8f390bcbb5373f8d43c5b Any computer that has this package installed or running should...

6.8AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/16 7:55 a.m.4 views

Malicious code in eslint-config-crowdstrike (npm)

Suspicious postinstall script executing bundle.js combined with unsignedbitwisemathexcess YARA rule match indicates potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5700b3786b16cd76be2c86bc19af1fd76ac0dbfa6bb16f29e3837fc94598b75 Any computer that...

6.8AI score
Exploits0References8
OSV
OSV
added 2025/09/16 7:55 a.m.5 views

MAL-2025-47226 Malicious code in eslint-config-crowdstrike (npm)

Suspicious postinstall script executing bundle.js combined with unsignedbitwisemathexcess YARA rule match indicates potential malware. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5700b3786b16cd76be2c86bc19af1fd76ac0dbfa6bb16f29e3837fc94598b75 Any computer that...

6.8AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/16 7:54 a.m.6 views

Malicious code in eslint-config-crowdstrike-node (npm)

Suspicious postinstall script executing bundle.js with excessive bitwise math indicates malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40d780d93001ede85edbf1e9b83f884f84ab20fc210cd34a95b114599c01387a Any computer that has this package installed ...

6.8AI score
Exploits0References8
OSV
OSV
added 2025/09/16 7:54 a.m.3 views

MAL-2025-47227 Malicious code in eslint-config-crowdstrike-node (npm)

Suspicious postinstall script executing bundle.js with excessive bitwise math indicates malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40d780d93001ede85edbf1e9b83f884f84ab20fc210cd34a95b114599c01387a Any computer that has this package installed ...

6.8AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/16 7:49 a.m.4 views

Malicious code in @crowdstrike/tailwind-toucan-base (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 815645af1286f8262a60ed5ee1cfb7b699786a707007300ea5c62602046d2460 Any computer that has this package installed or running should be considered fully compromised. All...

7.1AI score
Exploits0References7
OSV
OSV
added 2025/09/16 7:49 a.m.4 views

MAL-2025-47237 Malicious code in @crowdstrike/tailwind-toucan-base (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 815645af1286f8262a60ed5ee1cfb7b699786a707007300ea5c62602046d2460 Any computer that has this package installed or running should be considered fully compromised. All...

7.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/16 7:48 a.m.5 views

Malicious code in @crowdstrike/logscale-search (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf328d64388e35603ec9a233e2d1ba28fa6fd2508bf245a22733a1818a670e92 Any computer that has this package installed or running should be considered fully compromised. All...

7.1AI score
Exploits0References7
OSV
OSV
added 2025/09/16 7:48 a.m.3 views

MAL-2025-47236 Malicious code in @crowdstrike/logscale-search (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf328d64388e35603ec9a233e2d1ba28fa6fd2508bf245a22733a1818a670e92 Any computer that has this package installed or running should be considered fully compromised. All...

7.1AI score
Exploits0References7
Rows per page
Query Builder