CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

154 matches found

RedhatCVE•added 2026/05/29 8:13 p.m.•7 views

CVE-2026-49095

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

6.5CVSS5.8AI score0.00072EPSS

Exploits0References1

NVD•added 2026/05/28 9:16 p.m.•7 views

CVE-2026-49095

6.5CVSS0.00072EPSS

Exploits0References1

EUVD•added 2026/05/28 7:48 p.m.•7 views

EUVD-2026-33033

6.5CVSS5.8AI score0.00072EPSS

Exploits0References1

Cvelist•added 2026/05/28 7:48 p.m.•33 views

CVE-2026-49095 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

6.5CVSS0.00072EPSS

Exploits0References1

CVE•added 2026/05/28 7:48 p.m.•13 views

CVE-2026-49095

Kibana Fleet policy management feature is affected by CVE-2026-49095 due to improper input validation (CWE-20). An authenticated user with Fleet management privileges can inject values into a configuration override mechanism, causing Elastic Agents to be issued API keys with elevated Elasticsearc...

6.5CVSS5.8AI score0.00072EPSS

Exploits0References1Affected Software1

Elastic•added 2026/05/28 7:26 p.m.•10 views

Kibana Fleet 8.19.16, 9.3.5, and 9.4.2 Security Update (ESA-2026-38)

Improper Input Validation in Kibana Fleet Leading to Privilege Escalation Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by...

6.5CVSS5.7AI score0.00072EPSS

Exploits0

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from improper input validation, potentially leading to privilege escalation. Users with Fleet management privileges and who are authenticated...

6.5CVSS5.8AI score0.00072EPSS

Exploits0References2

Positive Technologies•added 2026/05/28 12:0 a.m.•7 views

PT-2026-44537

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper input validation in the Kibana Fleet agent policy management feature allows an authenticated user with Fleet management privileges to escalate privileges. By injecting values into a...

6.5CVSS5.8AI score0.00072EPSS

Exploits0References4

Positive Technologies•added 2026/04/02 12:0 a.m.•1 views

PT-2026-29955

Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint in github.com/fleetdm/fleet...

5.9AI score

Exploits0References2

RedhatCVE•added 2026/03/28 11:9 p.m.•2 views

CVE-2026-26061

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive...

8.7CVSS5.9AI score0.00023EPSS

Exploits0References1

Snyk•added 2026/03/27 8:24 p.m.•3 views

Improper Check or Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions via the launcher endpoint when an authenticated host sends an unexpected log type value. An attacker can cause the server process to terminate immediately, disrupting all connected...

8.7CVSS5.9AI score0.00063EPSS

Exploits0References2

Snyk•added 2026/03/27 8:22 p.m.•1 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

8.7CVSS5.9AI score0.00028EPSS

Exploits0References2

Snyk•added 2026/03/27 7:24 p.m.•3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the MDM bootstrap package configuration. An attacker can modify arbitrary team configurations, exfiltrate sensitive data from the database, and inject arbitrary content into team configurations by sending crafted API...

8.8CVSS6.1AI score0.00016EPSS

Exploits0References2

HackRead•added 2026/03/10 9:12 a.m.•4 views

Leading Myanmar Fleet Management Company Yoma Fleet Selects AccuKnox SIEM to Replace Legacy Tools

Menlo Park, USA, 10th March 2026, CyberNewswire...

5.8AI score

Exploits0

Github Security Blog•added 2026/01/20 8:52 p.m.•10 views

Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability

Summary A cross-site scripting XSS vulnerability in Fleet’s Windows MDM authentication flow could allow an attacker to compromise a Fleet user account. In certain cases, this could lead to administrative access and the ability to perform privileged actions on managed devices. Impact If Windows MD...

5.5CVSS5.2AI score0.00047EPSS

Exploits0References4Affected Software2

Elastic•added 2025/12/15 10:15 a.m.•9 views

Kibana 8.19.8, 9.1.8, and 9.2.2 Security Update (ESA-2025-28)

Kibana Cross-site Scripting via the Integration Package Upload Functionality ESA-2025-28 Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render an HTML page within a user’s browser via the integration package upload...

8.7CVSS6.5AI score0.00028EPSS

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-15021

Malware in sbrugna...

6.5CVSS6.9AI score0.0027EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-15018

Malware in sbrugna...

6.5CVSS6.9AI score0.00947EPSS

Exploits0References3