Lucene search
K

154 matches found

EUVD
EUVD
added 2026/02/26 6:31 p.m.4 views

EUVD-2026-8865

Improper Input Validation CWE-20 in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

6.5CVSS5.3AI score0.00278EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/26 6:31 p.m.5 views

EUVD-2026-8863

Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

6.5CVSS5.5AI score0.00275EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 5:51 p.m.5 views

CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 5:51 p.m.4 views

CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/02/26 5:51 p.m.36 views

CVE-2026-26937

CVE-2026-26937 affects the Timelion component in Kibana . The issue is an Uncontrolled Resource Consumption (CWE-400) that can cause a Denial of Service via Input Data Manipulation (CAPEC-153) . Attack surface is network-based with no user interaction required per the CVSS data, leading to high i...

7.5CVSS5.3AI score0.00272EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/26 5:51 p.m.10 views

CVE-2026-26937

Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...

7.5CVSS5.8AI score0.00272EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/26 4:59 p.m.23 views

CVE-2026-26932 Improper Validation of Array Index in Packetbeat Leading to Denial of Service

Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...

5.7CVSS0.00454EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.5 views

PT-2026-22171

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An issue exists in the Timelion component that allows for Denial of Service through manipulation of input data, resulting in uncontrolled resource consumption. This can lead to a disruption of...

7.5CVSS5.8AI score0.00272EPSS
Exploits0References8
OSV
OSV
added 2026/01/13 9:2 p.m.5 views

CVE-2026-0528 Improper Input Validation in Metricbeat Leading to Denial of Service

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

6.5CVSS7.2AI score0.00327EPSS
Exploits0References3
NVD
NVD
added 2026/01/09 12:15 a.m.7 views

CVE-2026-22712

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

4.3CVSS0.00213EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/09 12:6 a.m.4 views

CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

2.3CVSS6.5AI score0.00213EPSS
Exploits1References2
CVE
CVE
added 2026/01/09 12:6 a.m.14 views

CVE-2026-22712

The CVE-2026-22712 issue affects MediaWiki’s ApprovedRevs extension (versions 1.39–1.45). The root cause is improper encoding or escaping of output due to a magic word replacement in ParserAfterTidy, which can enable input data manipulation by bypassing the inline CSS sanitizer. Exploitation deta...

4.3CVSS6.5AI score0.00213EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/09 12:6 a.m.29 views

CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer

Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...

2.3CVSS0.00213EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.4 views

Mediawiki - ApprovedRevs Extension 安全漏洞

Mediawiki - ApprovedRevs Extension is an open source content quality control plugin for Mediawiki. A security vulnerability exists in Mediawiki - ApprovedRevs Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper output encoding or escaping, and could lead to input data...

4.3CVSS6.7AI score0.00213EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/10/13 5:29 a.m.6 views

CVE-2025-8887

Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation.This issue affects Aybs...

6.1CVSS6.8AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2025/10/10 2:15 p.m.4 views

CVE-2025-8887

Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs...

6.1CVSS0.00137EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/10/10 1:56 p.m.5 views

CVE-2025-8887

Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs...

6.1CVSS5.5AI score0.00137EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/10 1:56 p.m.2 views

CVE-2025-8887 IDOR in Usta Information Systems' Aybs Interaktif

Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs...

6.1CVSS5.4AI score0.00137EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/10 1:56 p.m.11 views

CVE-2025-8887 IDOR in Usta Information Systems' Aybs Interaktif

Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs...

6.1CVSS0.00137EPSS
Exploits0References2
CVE
CVE
added 2025/10/10 1:56 p.m.9 views

CVE-2025-8887

The CVE-2025-8887 issue concerns Usta Information Systems Inc. Aybs Interaktif. Affects Aybs Interaktif versions from 2024 through 28082025 and arises from an authorization bypass via user-controlled keys, leading to missing authorization and exposure of sensitive information to an unauthorized a...

6.1CVSS5.4AI score0.00137EPSS
Exploits0References2
Rows per page
Query Builder