Lucene search
K

117 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41101

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS5.8AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-56151

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS0.00251EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/13 1:18 a.m.13 views

CVE-2026-48022 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards-fips, kibana, opensearch-dashboards...

5.9AI score0.0001EPSS
Exploits0
OSV
OSV
added 2026/06/01 11:42 a.m.8 views

BIT-KIBANA-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 10:45 p.m.6 views

Directory Traversal

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Directory Traversal via the dashboard management functionality. An attacker can cause unauthorized deletion of user accounts or...

7.3CVSS6.1AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 9:16 p.m.18 views

CVE-2026-42400

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

6.5CVSS0.00296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 7:40 p.m.11 views

CVE-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

4.1CVSS5.8AI score0.00141EPSS
Exploits0References1
Elastic
Elastic
added 2026/05/28 7:24 p.m.11 views

8.19.16, 9.3.5 Security Update (ESA-2026-33)

Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption and may lead to denial-of-service attacks. Users with viewer-level access and authenticated status can...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from improper input validation, potentially leading to privilege escalation. Users with Fleet management privileges and who are authenticated...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from improper input handling. This vulnerability may allow users with write permissions for Elasticsearch indexes to persistently store...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44491

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Uncontrolled Resource Consumption in Kibana can lead to a denial of service via Excessive Allocation. An authenticated user with a low-privileged role can submit a specially crafted, oversized...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.9 views

RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2018:3537)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3537 advisory. - kibana: Cross-site scripting via the source field formatter CVE-2018-3830 - nodejs: Out of bounds OOB write via UCS-2 encoding...

9.8CVSS7.3AI score0.86978EPSS
Exploits10References45
Chainguard
Chainguard
added 2026/04/10 2:13 a.m.5 views

CVE-2026-39859 vulnerabilities

Vulnerabilities for packages: kibana...

7.5CVSS5.9AI score0.00447EPSS
Exploits0
Snyk
Snyk
added 2026/04/09 4:14 p.m.7 views

Incorrect Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization via the enrollment endpoint. An attacker can access Fleet Server policy details from unauthorized spaces b...

5.3CVSS5.7AI score0.00175EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 4:14 p.m.3 views

Execution with Unnecessary Privileges

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Execution with Unnecessary Privileges in the Fleet plugin debug route handlers. An attacker can access index data outside of their...

7.7CVSS5.7AI score0.003EPSS
Exploits0References2
Elastic
Elastic
added 2026/04/08 4:1 p.m.55 views

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-21)

Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via...

7.7CVSS5.8AI score0.003EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/19 1:17 a.m.6 views

CVE-2026-29085 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards-fips, kibana, librechat, opensearch-dashboards...

6.5CVSS5.9AI score0.0024EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/27 7:45 p.m.7 views

CVE-2026-26934

Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

6.5CVSS5.9AI score0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 5:3 p.m.3 views

CVE-2026-26934

Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder