Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 / 9.4.x < 9.4.1 DoS (ESA-2026-32)

The version of Kibana installed on the remote host is prior to 8.19.16, 9.3.5, or 9.4.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-32 advisory. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-13...

6.5CVSS5.5AI score0.00245EPSS
Exploits0References2
Elastic
Elastic
added 2026/05/28 7:25 p.m.34 views

Kibana 9.2.8, and 9.3.2 Security Update (ESA-2026-37)

Server-Side Request Forgery SSRF in Kibana Leading to Unauthorized Network Access Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted...

7.7CVSS5.8AI score0.003EPSS
Exploits0
Elastic
Elastic
added 2026/02/26 4:53 p.m.13 views

Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-13)

Improper Input Validation in Kibana Leading to Denial of Service Improper Input Validation CWE-20 in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation CAPEC-153 Affected Versions: 8.x: All versions from 8.4.0 up to and including 8.19....

6.5CVSS5.4AI score0.00278EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

Kibana 7.10.x < 7.17.30 / 8.x < 8.19.10 / 9.1.x < 9.1.10 / 9.2.x < 9.2.4 (ESA_2026_03)

The version of Kibana installed on the remote host is prior to 8.19.10, 9.1.10, or 9.2.4. It is, therefore, affected by a vulnerability as referenced in the ESA202603 advisory. - An allocation of resources without limits or throttling vulnerability in Kibana Fleet leads to excessive resource...

6.5CVSS5.8AI score0.00273EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/12 9:57 a.m.2 views

Origin Validation Error

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Origin Validation Error via improper validation of the Origin HTTP header in the Observability AI Assistant. An attacker can make...

5.3CVSS6.8AI score0.00199EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2020-28153

Malware in sbrugna...

4.8CVSS6.2AI score0.01085EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-1548

Malware in sbrugna...

6.1CVSS6.3AI score0.0094EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-3099

Malware in sbrugna...

6.1CVSS6.8AI score0.00837EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-9004

Malware in sbrugna...

9.8CVSS9.2AI score0.01295EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-9290

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00999EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/11 12:0 a.m.3 views

Kibana 8.15.x < 8.17.3 Prototype Pollution

According to its self-reported version number, the Kibana application running on the remote host is 8.15.x prior to 8.17.3. It is, therefore, affected by a code execution via a crafted file upload and specifically crafted HTTP requests Note that the scanner has not tested for these issues but has...

9.9CVSS7.8AI score0.01248EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/11 12:0 a.m.5 views

Kibana 8.x < 8.10.1 Insertion of Sensitive Information into Log File

According to its self-reported version number, the Kibana application running on the remote host is 8.x prior to 8.10.1. It is, therefore, affected by an issue that can log sensitive information in Kibana logs in the event of an error. Note that the scanner has not tested for these issues but has...

9CVSS6.9AI score0.00656EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/05 12:0 a.m.4 views

Elastic Kibana 安全漏洞

Elastic Kibana is an available data visualization dashboard software from Elastic, Inc. A security vulnerability exists in Elastic Kibana versions 8.15.0 through 8.17.1 and 8.17.1 through 8.17.2, which stems from prototype contamination that could lead to the execution of arbitrary code...

9.9CVSS9.3AI score0.01248EPSS
Exploits0References2
Elastic
Elastic
added 2025/01/23 5:52 a.m.9 views

Kibana 7.17.23/8.15.0 Security Updates (ESA-2024-32, ESA-2024-33)

Kibana allocation of resources without limits or throttling leads to crash ESA-2024-33 An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the...

6.5CVSS6.6AI score0.00368EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.4 views

PT-2023-8930 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2 Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...

8CVSS6.4AI score0.00608EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2019/07/30 12:0 a.m.4 views

PT-2019-18668 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 6.8.2 Kibana versions prior to 7.2.1 Description: The issue is related to a server side request forgery SSRF flaw in the graphite integration for the Timelion visualizer. An attacker with administrative access could s...

4.9CVSS4.7AI score0.02138EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2018/03/30 12:0 a.m.6 views

PT-2018-16215 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions after 5.1.1 and before 5.6.7 Kibana versions before 6.1.3 Description: A cross-site scripting XSS issue was found in the tag cloud visualization, potentially allowing an attacker to obtain sensitive information or perform...

6.1CVSS6AI score0.00736EPSS
Exploits0References4
Rows per page
Query Builder