91 matches found
SUSE CVE-2026-7815
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
CVE-2026-7815 pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution
SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...
pgAdmin SQL注入漏洞
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...
JLSEC-2026-37
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
MiracleLinux 8 : postgresql:12 (AXSA:2022-3790:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3790:01 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox CVE-2022-1552 Tenable has extracted the preceding description block...
Elasticsearch 7.0.x < 8.19.8 / 9.0.x < 9.1.8 / 9.2.x < 9.2.2 (ESA-2025-27)
The version of Elasticsearch installed on the remote host is 7.0 prior to 8.19.8, 9.0 prior to 9.1.8, or 9.2.0 prior to 9.2.2. It is, therefore, affected by a vulnerability as referenced in the ESA-2025-27 advisory. - Insertion of sensitive information in log file in Elasticsearch can lead to los...
Insertion Of Sensitive Information Into Log File
org.elasticsearch:elasticsearch is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of request auditing for the reindex API, which allows an attacker to expose sensitive data if specific logging conditions are met...
Linux Distros Unpatched Vulnerability : CVE-2025-37727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the...
CVE-2025-37727
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
BIT-ELASTICSEARCH-2025-37727 Elasticsearch Insertion of sensitive information in log file
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
GHSA-56R7-H6MW-RCFV Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
EUVD-2025-33703
Elasticsearch: Insertion of Sensitive Information into Log File via reindex API...
Insertion of Sensitive Information into Log File
Overview org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker can obtain sensitive information by triggering audit logs that capture...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.2.0), ca.bc.gov.tno:elastic (>=0.0.1-alpha <=0.0.5-alpha) +106 more potentially affected by CVE-2025-37727 via org.elasticsearch.plugin:reindex-client (>=7.0.0-alpha1 <=7.9.3)
org.elasticsearch.plugin:reindex-client MAVEN version =7.0.0-alpha1, =j8.2.2.0, =0.0.1-alpha, =2.1.0.M8, =2.1.0.M8, =1.4.1, =1.4.0, =2.0.5, =7.0.0, =1.1.0, =5.0.3.7.4, =5.0.3.6, =0.0.1, =1.0.2, =1.0.3 - com.cherokeesoft.fias:Fias =1.0.1 and more Source cves: CVE-2025-37727 Source advisory:...
CVE-2025-37727
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
CVE-2025-37727
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
UBUNTU-CVE-2025-37727
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...
CVE-2025-37727
CVE-2025-37727 affects Elasticsearch. The vulnerability involves insertion of sensitive information into log files when auditing requests to the reindex API, potentially leading to confidentiality loss under specific preconditions. The CVSS 3.1 score is 5.7 (Medium) with attack vector Adjacent, c...