Lucene search
K

1799 matches found

Nuclei
Nuclei
added yesterday92 views

Kibana - Local File Inclusion

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with...

9.8CVSS7AI score0.82251EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday78 views

Elasticsearch 7.10.0-7.13.3 - Information Disclosure

ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as...

6.5CVSS7.2AI score0.76249EPSS
Exploits6References5
NVD
NVD
added last week10 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
CVE
CVE
added last week8 views

CVE-2026-56152

Summary: CVE-2026-56152 concerns Elastic Defend. Affected component is the Elastic Defend response actions where an authorization check failure allowed a low-privileged authenticated user to access response action data they should not view (CWE-863, CAPEC-1). Impact details (as described): The vu...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added last week32 views

CVE-2026-56152 Incorrect Authorization in Elastic Defend Leading to Information Disclosure

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
Chainguard
Chainguard
added last week7 views

GHSA-PJV4-3C63-699F vulnerabilities

Vulnerabilities for packages: elastic-agent, elastic-agent-fips...

5.9AI score
Exploits0
Chainguard
Chainguard
added last week5 views

CVE-2026-42602 vulnerabilities

Vulnerabilities for packages: elastic-agent, elastic-agent-fips...

8.1CVSS5.9AI score0.00222EPSS
Exploits1
Chainguard
Chainguard
added 2026/06/30 2:16 a.m.5 views

GHSA-HJ4R-2C9C-29H3 vulnerabilities

Vulnerabilities for packages: cloudbeat-fips, apm-server-fips, elastic-agent-fips, elastic-agent, apm-server, cloudbeat...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/30 2:16 a.m.5 views

CVE-2023-49922 vulnerabilities

Vulnerabilities for packages: cloudbeat-fips, apm-server-fips, elastic-agent-fips, elastic-agent, apm-server, cloudbeat...

6.8CVSS6.7AI score0.00589EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/28 8:22 a.m.9 views

CVE-2026-48496 vulnerabilities

Vulnerabilities for packages: elastic-agent, elastic-agent-fips...

5.9AI score0.00017EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/28 8:22 a.m.6 views

GHSA-F2R5-5M7W-P5CX vulnerabilities

Vulnerabilities for packages: elastic-agent, elastic-agent-fips...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: kubescape-server, mattermost-fips, zitadel, kine, prometheus-elasticsearch-exporter, gitea, kyverno, opentelemetry-collector, drone-fips, nemo, gitea-fips, kyverno-fips, cilium-cli, trivy, external-secrets-operator-fips, cloud-provider-aws, chisel-fips, kuma,...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/06/25 12:58 p.m.5 views

EUVD-2026-39356

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 12:58 p.m.5 views

CVE-2026-40012

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.9AI score0.00305EPSS
Exploits0
CVE
CVE
added 2026/06/25 12:58 p.m.16 views

CVE-2026-40012

The vulnerability CVE-2026-40012 affects configurations with ECS enabled, where ECS zero-scoped answers are stored in the packet cache instead of being properly restricted, potentially leaking to clients. The issue has a network-based attack surface with low confidentiality impact (CVSS v3.1: 5.3...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 12:58 p.m.7 views

CVE-2026-40012

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.8AI score0.00305EPSS
Exploits0
CVE
CVE
added 2026/06/24 1:20 p.m.101 views

CVE-2026-57295

CVE-2026-57295 describes a CSRF vulnerability in Jenkins EC2 Fleet Plugin (versions up to 4.2.3.539.v8fedff2a_81c3 and earlier). The issue lets an attacker cause Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained by another method, potentially captur...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.49 views

Kibana Timelion - Arbitrary Code Execution

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands...

10CVSS8.9AI score0.95338EPSS
Exploits12References5
Rows per page
Query Builder