Lucene search
K

33 matches found

NVD
NVD
added yesterday7 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday4 views

CVE-2026-56152 Incorrect Authorization in Elastic Defend Leading to Information Disclosure

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 2:51 p.m.3 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS6.7AI score0.00131EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 3:31 p.m.3 views

EUVD-2025-37984

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS6.2AI score0.00131EPSS
Exploits0References2
NVD
NVD
added 2025/11/06 3:15 p.m.6 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS0.00131EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 2:27 p.m.18 views

CVE-2025-37735

CVE-2025-37735 affects Elastic Defend on Windows. The issue is improper preservation of permissions in the Defend service (running as SYSTEM), which can lead to arbitrary file deletions and in some cases local privilege escalation. Affected versions include up to 8.19.5 and 9.0.0–9.1.5; fixed in ...

7CVSS6.4AI score0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/06 2:27 p.m.7 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS0.00131EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/11/06 2:27 p.m.4 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS5.9AI score0.00131EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/06 2:27 p.m.3 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS6.4AI score0.00131EPSS
Exploits0References1
Elastic
Elastic
added 2025/11/06 2:25 p.m.11 views

Elastic Defend 8.19.6, 9.1.6, and 9.2.0 Security Update (ESA-2025-23)

Elastic Defend Improper Preservation of Permissions ESA-2025-23 Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS7.8AI score0.00131EPSS
Exploits0
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

Elastic Defend 安全漏洞

Elastic Defend is an application from the Dutch company Elastic. It provides prevention, detection and response capabilities, as well as deep visibility into EPP, EDR, SIEM and security analytics. A security vulnerability exists in Elastic Defend that stems from improperly saved permissions on a...

7CVSS7.5AI score0.00131EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.6 views

PT-2025-45184

Name of the Vulnerable Software and Affected Versions Elastic Defend affected versions not specified Description An issue exists in Elastic Defend on Windows hosts where improper preservation of permissions can allow the Defend service, running as SYSTEM, to delete arbitrary files on the system...

7CVSS7.5AI score0.00131EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-14853

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-36693

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.00154EPSS
Exploits0References1
Elastic
Elastic
added 2025/08/18 2:9 a.m.9 views

Elastic Response to Blog ‘EDR 0-Day Vulnerability’

Updated: August 29, 2025 Elastic has been directly engaging with the independent researcher. After evaluating additional information provided by the researcher, our original assessment still stands. To confirm we are responsibly assessing this report and providing an unbiased perspective, we are...

8.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:7 a.m.6 views

CVE-2024-37284

Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it from quarantining the file and/or killing th...

5.5CVSS6.9AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/11 2:43 a.m.6 views

CVE-2025-25013

Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack...

6.5CVSS6.6AI score0.00311EPSS
Exploits0References1
Rows per page
Query Builder