Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.117 views

Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 / 9.4.x < 9.4.2 Multiple Vulnerabilities (ESA-2026-35 / ESA-2026-38)

The version of Kibana installed on the remote host is prior to 8.19.16, 9.3.5, or 9.4.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-35 and ESA-2026-38 advisories. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via...

6.5CVSS5.6AI score0.00296EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.29 views

CVE-2026-49095

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/28 10:44 p.m.6 views

Improper Validation of Specified Type of Input

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the Fleet agent policy management. An attacker can gain unauthorized read and...

8.5CVSS5.3AI score0.00262EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 7:40 p.m.32 views

CVE-2026-42401

CVE-2026-42401 affects Kibana, where improper neutralization of input during web page generation (CWE-79) allows stored HTML injection. A user with write access to an Elasticsearch index can persist crafted markup that, when rendered in a Kibana view by another user, may not be sufficiently sanit...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/28 7:40 p.m.34 views

CVE-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

4.1CVSS0.00141EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/14 4:49 p.m.28 views

CVE-2024-37285 Kibana arbitrary code execution via YAML deserialization

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...

9.1CVSS0.01257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/14 4:49 p.m.11 views

CVE-2024-37285 Kibana arbitrary code execution via YAML deserialization

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...

9.1CVSS7.7AI score0.01257EPSS
Exploits0References1
CVE
CVE
added 2024/11/14 4:49 p.m.64 views

CVE-2024-37285

CVE-2024-37285 describes a deserialization flaw in Kibana that can trigger arbitrary code execution when parsing a crafted YAML document. Exploitation requires an attacker to hold a combination of Elasticsearch indices privileges on .kibana_ingest (write) with allow_restricted_indices set to true...

9.1CVSS9.5AI score0.01257EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder