154 matches found
EUVD-2026-8865
Improper Input Validation CWE-20 in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
EUVD-2026-8863
Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
CVE-2026-26937
CVE-2026-26937 affects the Timelion component in Kibana . The issue is an Uncontrolled Resource Consumption (CWE-400) that can cause a Denial of Service via Input Data Manipulation (CAPEC-153) . Attack surface is network-based with no user interaction required per the CVSS data, leading to high i...
CVE-2026-26937
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
CVE-2026-26932 Improper Validation of Array Index in Packetbeat Leading to Denial of Service
Improper Validation of Array Index CWE-129 in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requir...
PT-2026-22171
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An issue exists in the Timelion component that allows for Denial of Service through manipulation of input data, resulting in uncontrolled resource consumption. This can lead to a disruption of...
CVE-2026-0528 Improper Input Validation in Metricbeat Leading to Denial of Service
Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...
CVE-2026-22712
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...
CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...
CVE-2026-22712
The CVE-2026-22712 issue affects MediaWiki’s ApprovedRevs extension (versions 1.39–1.45). The root cause is improper encoding or escaping of output due to a magic word replacement in ParserAfterTidy, which can enable input data manipulation by bypassing the inline CSS sanitizer. Exploitation deta...
CVE-2026-22712 ApprovedRevs allows bypassing the inline CSS sanitizer
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39...
Mediawiki - ApprovedRevs Extension 安全漏洞
Mediawiki - ApprovedRevs Extension is an open source content quality control plugin for Mediawiki. A security vulnerability exists in Mediawiki - ApprovedRevs Extension versions 1.45, 1.44, 1.43, and 1.39, which stems from improper output encoding or escaping, and could lead to input data...
CVE-2025-8887
Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation.This issue affects Aybs...
CVE-2025-8887
Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs...
CVE-2025-8887
Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs...
CVE-2025-8887 IDOR in Usta Information Systems' Aybs Interaktif
Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs...
CVE-2025-8887 IDOR in Usta Information Systems' Aybs Interaktif
Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Manipulation. This issue affects Aybs...
CVE-2025-8887
The CVE-2025-8887 issue concerns Usta Information Systems Inc. Aybs Interaktif. Affects Aybs Interaktif versions from 2024 through 28082025 and arises from an authorization bypass via user-controlled keys, leading to missing authorization and exposure of sensitive information to an unauthorized a...