12 matches found
CVE-2026-26940
Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...
PT-2026-26325
Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...
BIT-KIBANA-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
BIT-ELK-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
CVE-2026-26937
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
EUVD-2026-8872
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption CWE-400 in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153...
CVE-2026-26937
CVE-2026-26937 affects the Timelion component in Kibana . The issue is an Uncontrolled Resource Consumption (CWE-400) that can cause a Denial of Service via Input Data Manipulation (CAPEC-153) . Attack surface is network-based with no user interaction required per the CVSS data, leading to high i...
Metasploit Weekly Wrap-Up
Flask Cookies This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be resigned, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member...
Elastic Stack 6.8.11 and 7.8.1 security update
Kibana regular expression denial of service flaw ESA-2020-09 Kibana versions before 6.8.11 and 7.8.1 contain a denial of service DoS flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming...
X-Pack Alerting and Kibana 5.6.1 security update
X-Pack alerting privileged user multiple issues An error was found in the permission model used by X-Pack alerting whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges. Affected Versions: 5.0.0 to 5.6.0 Solutions and Mitigations...