CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

83 matches found

OSV•added 2026/05/07 12:8 a.m.•1 views

GHSA-X83W-23JP-G6PW OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation

Description A flaw was identified in the OpenSearch Security plugin's document-level security DLS implementation. DLS restrictions were not correctly applied to search queries that use hasparent or haschild join relations. This could allow an authenticated user to access document contents that...

5.3CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/07 12:8 a.m.•3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the processing of search queries involving hasparent or haschild join relations when document-level security is enabled. An attacker can gain unauthorized access to restricted document contents by crafting...

6CVSS5.8AI score

Exploits0References2

Github Security Blog•added 2026/05/07 12:8 a.m.•6 views

OpenSearch Security plugin: DLS not applied on documents linked by has_child or has_parent relation

5.8AI score

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/07 12:0 a.m.•3 views

PT-2026-41510

Name of the Vulnerable Software and Affected Versions OpenSearch versions prior to 2.19.4 OpenSearch versions prior to 3.2.0 Description A flaw exists in the OpenSearch Security plugin's document-level security DLS implementation. DLS restrictions are not correctly applied to search queries...

5.3CVSS5.8AI score

Exploits0References5

RedhatCVE•added 2025/11/15 2:45 p.m.•4 views

CVE-2025-12149

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security DLS is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices...

6CVSS6.8AI score0.00052EPSS

Exploits0References1

NVD•added 2025/11/14 2:15 p.m.•2 views

CVE-2025-12149

6CVSS0.00052EPSS

Exploits0References3

CVE•added 2025/11/14 1:58 p.m.•6 views

CVE-2025-12149

In CVE-2025-12149, Search Guard FLX ≤3.1.2 fails to enforce Document-Level Security when a Signals-watch triggers a search, potentially allowing access to all documents in the queried indices. Affected component: Search Guard FLX; root cause: DLS enforcement gap specific to Signals-triggered sear...

6CVSS6.4AI score0.00052EPSS

Exploits0References3

Vulnrichment•added 2025/11/14 1:58 p.m.•3 views

CVE-2025-12149 Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents

6CVSS6.4AI score0.00052EPSS

Exploits0References3

EUVD•added 2025/11/14 1:58 p.m.•3 views

EUVD-2025-197609

6CVSS6.3AI score0.00052EPSS

Exploits0References4

Cvelist•added 2025/11/14 1:58 p.m.•7 views

CVE-2025-12149 Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents

6CVSS0.00052EPSS

Exploits0References3

Positive Technologies•added 2025/11/14 12:0 a.m.•3 views

PT-2025-46956

Name of the Vulnerable Software and Affected Versions Search Guard FLX versions 3.1.2 and earlier Description In Search Guard FLX versions 3.1.2 and earlier, Document-Level Security DLS is not enforced when a search is initiated from a Signals watch, potentially granting access to all documents...

6CVSS6.5AI score0.00052EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2017-17392

Malware in sbrugna...

4.3CVSS5.1AI score0.00133EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-1968

Malware in sbrugna...

6.5CVSS6.4AI score0.00314EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2016-7276

Malware in sbrugna...

6.5CVSS6.6AI score0.00167EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-1133