Lucene search
K

2188 matches found

Nuclei
Nuclei
added 19 hours ago11 views

Fantastic ElasticSearch Plugin <= 4.1.0 - Cross-Site Scripting

Fantastic ElasticSearch WordPress plugin = 4.1.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to visit a malicious link. id: CVE-2024-13221 info: name:...

6.1CVSS7.1AI score0.00577EPSS
Exploits1References1
Nuclei
Nuclei
added 19 hours ago58 views

Elasticsearch - Local File Inclusion

Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled. id: CVE-2015-3337 info: name: Elasticsearch - Local File Inclusion author: pdteam severity: medium description: Elasticsearch before 1.4.5 and...

4.3CVSS7.2AI score0.33129EPSS
Exploits5References5
Nuclei
Nuclei
added 19 hours ago50 views

ElasticSearch <1.6.1 - Local File Inclusion

ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. id: CVE-2015-5531 info: name: ElasticSearch 1.6.1 - Local File Inclusion author: princechaddha severity: medium description: ElasticSearch before 1.6.1 allows remote...

5CVSS7.3AI score0.9175EPSS
Exploits7References5
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-35211 OpenCTI: Elasticsearch Painless Script Injection via GraphQL `script` filter operator allows authenticated user to exfiltrate data and cause DoS

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260401.0, the OpenCTI GraphQL API exposes a script filter operator in its FilterOperator enum that allows any authenticated user with the KNOWLEDGE capability to pass user-supplied...

6.5CVSS0.00376EPSS
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-35211

OpenCTI exposes a script filter operator in the GraphQL FilterOperator enum prior to version 7.260401.0. An authenticated user with the KNOWLEDGE capability can pass user-supplied Elasticsearch Painless script values directly into search queries without validation, enabling potentially expensive ...

6.5CVSS6AI score0.00376EPSS
Exploits0References4
Nuclei
Nuclei
added 3 days ago78 views

Elasticsearch 7.10.0-7.13.3 - Information Disclosure

ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as...

6.5CVSS7.2AI score0.76249EPSS
Exploits6References5
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-46453 Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operation

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

0.00451EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41827

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

5.3CVSS6AI score0.00451EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-46453

Technical details for CVE-2026-46453 are not publicly available in the provided documents. No affected products, versions, impact, or fixes are enumerated here. Monitor official advisories for updates.

5.3CVSS6AI score0.00451EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-46453

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

6AI score0.00451EPSS
Exploits0References2Affected Software1
OSV
OSV
added 4 days ago3 views

BIT-ELASTICSEARCH-2026-56149 Allocation of Resources Without Limits or Throttling in Elasticsearch Leading to Denial of Service

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS5.9AI score0.00324EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

BIT-ELASTICSEARCH-2026-56148 Uncontrolled Recursion in Elasticsearch Leading to Denial of Service

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS6AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

BIT-ELASTICSEARCH-2026-49090 Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

6.5CVSS6AI score0.00251EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

Elasticsearch 8.0.x < 8.19.17 / 9.0.x < 9.3.6 / 9.4.x < 9.4.3 Multiple DoS

The version of Elasticsearch installed on the remote host is 8.0 prior to 8.19.17, 9.0 prior to 9.3.6, or 9.4.0 prior to 9.4.3. It is, therefore, affected by multiple denial of service vulnerabilities: - Uncontrolled recursion in Elasticsearch allows an authenticated user to submit a specially...

6.5CVSS6AI score0.00324EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

Elasticsearch 7.0.x < 7.17.24 / 8.0.x < 8.15.0 DoS (ESA-2026-52)

The version of Elasticsearch installed on the remote host is 7.0 prior to 7.17.24 or 8.0 prior to 8.15.0. It is, therefore, affected by a denial of service vulnerability: - Uncontrolled resource consumption in Elasticsearch allows an authenticated user to submit a specially crafted bulk request...

6.5CVSS6AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 6:16 p.m.6 views

CVE-2026-49090

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

6.5CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-56148

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS0.00309EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 5:16 p.m.19 views

CVE-2026-56149

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 5:15 p.m.6 views

EUVD-2026-41100

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:15 p.m.18 views

CVE-2026-49090

CVE-2026-49090 affects Elasticsearch and is caused by Uncontrolled Resource Consumption (CWE-400) via the bulk API, where an authenticated user can submit specially crafted bulk requests that trigger sustained high CPU and can render a node unresponsive. The issue is publicly discussed in Elastic...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder