94 matches found
CVE-2026-58449
txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...
389-ds-base security, bug fix, and enhancement update
An update is available for 389-ds-base. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The ba...
SUSE CVE-2026-7815
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
CVE-2026-7815 pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
pgAdmin SQL注入漏洞
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...
JLSEC-2026-37
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
MiracleLinux 8 : postgresql:12 (AXSA:2022-3790:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3790:01 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block...
Elasticsearch 7.0.x < 8.19.8 / 9.0.x < 9.1.8 / 9.2.x < 9.2.2 (ESA-2025-27)
The version of Elasticsearch installed on the remote host is 7.0 prior to 8.19.8, 9.0 prior to 9.1.8, or 9.2.0 prior to 9.2.2. It is, therefore, affected by a vulnerability as referenced in the ESA-2025-27 advisory. - Insertion of sensitive information in log file in Elasticsearch can lead to los...
Insertion Of Sensitive Information Into Log File
org.elasticsearch:elasticsearch is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of request auditing for the reindex API, which allows an attacker to expose sensitive data if specific logging conditions are met...
Linux Distros Unpatched Vulnerability : CVE-2025-37727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the...
CVE-2025-37727
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
BIT-ELASTICSEARCH-2025-37727 Elasticsearch Insertion of sensitive information in log file
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
GHSA-56R7-H6MW-RCFV Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
EUVD-2025-33703
Elasticsearch: Insertion of Sensitive Information into Log File via reindex API...
Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
Insertion of Sensitive Information into Log File
Overview org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.2.0), ca.bc.gov.tno:elastic (>=0.0.1-alpha <=0.0.5-alpha) +106 more potentially affected by CVE-2025-37727 via org.elasticsearch.plugin:reindex-client (>=7.0.0-alpha1 <=7.9.3)
org.elasticsearch.plugin:reindex-client MAVEN version =7.0.0-alpha1, =j8.2.2.0, =0.0.1-alpha, =2.1.0.M8, =2.1.0.M8, =1.4.1, =1.4.0, =2.0.5, =7.0.0, =1.1.0, =5.0.3.7.4, =5.0.3.6, =0.0.1, =1.0.2, =1.0.3 - com.cherokeesoft.fias:Fias =1.0.1 and more Source cves: CVE-2025-37727 Source advisory:...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker can obtain sensitive information by triggering audit logs that capture...
CVE-2025-37727
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
CVE-2025-37727
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...