12 matches found
CVE-2026-26940
Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...
PT-2026-26325
Improper Validation of Specified Quantity in Input (CWE-1284) in the Timelion visualization plugin in Kibana can lead to Denial of Service via Excessive Allocation (CAPEC-130). The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...
BIT-KIBANA-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...
BIT-ELK-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...
CVE-2026-26937
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...
EUVD-2026-8872
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...
CVE-2026-26937
The CVE-2026-26937 entry describes an Uncontrolled Resource Consumption (CWE-400) in the Timelion component of Kibana that can lead to Denial of Service (CAPEC-153). The CVSS 3.1 base metrics indicate a Medium severity (6.5) with network attack vector, low attack complexity, and low privileges re...
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...
CVE-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service
Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...
Metasploit Weekly Wrap-Up
Flask Cookies: This week includes two modules related to Flask cookie signatures. One is specific to Apache Superset where session cookies can be re-signed, allowing an attacker to elevate their privileges and dump the database connection strings. While adding this functionality, community member...
Elastic Stack 6.8.11 and 7.8.1 security update
Kibana regular expression denial of service flaw (ESA-2020-09): Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming...
X-Pack Alerting and Kibana 5.6.1 security update
X-Pack alerting privileged user multiple issues: An error was found in the permission model used by X-Pack alerting whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges. Affected Versions: 5.0.0 to 5.6.0. Solutions and Mitigations...