1799 matches found
Kibana - Local File Inclusion
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with...
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as...
CVE-2026-56152
Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...
CVE-2026-56152
Summary: CVE-2026-56152 concerns Elastic Defend. Affected component is the Elastic Defend response actions where an authorization check failure allowed a low-privileged authenticated user to access response action data they should not view (CWE-863, CAPEC-1). Impact details (as described): The vu...
CVE-2026-56152 Incorrect Authorization in Elastic Defend Leading to Information Disclosure
Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...
EUVD-2026-41087
Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...
CVE-2026-56152
Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...
GHSA-PJV4-3C63-699F vulnerabilities
Vulnerabilities for packages: elastic-agent, elastic-agent-fips...
CVE-2026-42602 vulnerabilities
Vulnerabilities for packages: elastic-agent, elastic-agent-fips...
GHSA-HJ4R-2C9C-29H3 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, apm-server-fips, elastic-agent-fips, elastic-agent, apm-server, cloudbeat...
CVE-2023-49922 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, apm-server-fips, elastic-agent-fips, elastic-agent, apm-server, cloudbeat...
CVE-2026-48496 vulnerabilities
Vulnerabilities for packages: elastic-agent, elastic-agent-fips...
GHSA-F2R5-5M7W-P5CX vulnerabilities
Vulnerabilities for packages: elastic-agent, elastic-agent-fips...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: kubescape-server, mattermost-fips, zitadel, kine, prometheus-elasticsearch-exporter, gitea, kyverno, opentelemetry-collector, drone-fips, nemo, gitea-fips, kyverno-fips, cilium-cli, trivy, external-secrets-operator-fips, cloud-provider-aws, chisel-fips, kuma,...
EUVD-2026-39356
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...
CVE-2026-40012
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...
CVE-2026-40012
The vulnerability CVE-2026-40012 affects configurations with ECS enabled, where ECS zero-scoped answers are stored in the packet cache instead of being properly restricted, potentially leaking to clients. The issue has a network-based attack surface with low confidentiality impact (CVSS v3.1: 5.3...
CVE-2026-40012
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...
CVE-2026-57295
CVE-2026-57295 describes a CSRF vulnerability in Jenkins EC2 Fleet Plugin (versions up to 4.2.3.539.v8fedff2a_81c3 and earlier). The issue lets an attacker cause Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained by another method, potentially captur...
Kibana Timelion - Arbitrary Code Execution
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands...