94 matches found

CVE
added yesterday | 6 views

CVE-2026-58449

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

CVSS 9.8 | AI score 6.5
Exploits: 0 | References: 4

Rockylinux
added 2026/06/17 6:3 p.m. | 6 views

389-ds-base security, bug fix, and enhancement update

An update is available for 389-ds-base. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The ba...

CVSS 7.5 | AI score 5.4 | EPSS 0.00815
Exploits: 0

SUSE CVE
added 2026/05/13 3:48 a.m. | 14 views

SUSE CVE-2026-7815

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

CVSS 8.8 | AI score 6.2 | EPSS 0.00456
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/11 2:35 p.m. | 8 views

CVE-2026-7815 pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

CVSS 8.8 | AI score 6.2 | EPSS 0.00456
Exploits: 0 | References: 1

CNNVD
added 2026/05/11 12:0 a.m. | 13 views

pgAdmin SQL injection vulnerability

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...

CVSS 8.8 | AI score 6.1 | EPSS 0.00456
Exploits: 0 | References: 1

OSV
added 2026/04/03 1:27 p.m. | 5 views

JLSEC-2026-37

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS 8.8 | AI score 7.4 | EPSS 0.11726
Exploits: 0 | References: 12

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 8 : postgresql:12 (AXSA:2022-3790:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3790:01 advisory. postgresql: Autovacuum, REINDEX, and others omit security restricted operation sandbox (CVE-2022-1552). Tenable has extracted the preceding description block...

CVSS 8.8 | AI score 8 | EPSS 0.11726
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/19 12:0 a.m. | 7 views

Elasticsearch 7.0.x < 8.19.8 / 9.0.x < 9.1.8 / 9.2.x < 9.2.2 (ESA-2025-27)

The version of Elasticsearch installed on the remote host is 7.0 prior to 8.19.8, 9.0 prior to 9.1.8, or 9.2.0 prior to 9.2.2. It is, therefore, affected by a vulnerability as referenced in the ESA-2025-27 advisory. - Insertion of sensitive information in log file in Elasticsearch can lead to los...

CVSS 7.4 | AI score 5.5 | EPSS 0.0016
Exploits: 0 | References: 2

Veracode
added 2025/11/19 9:45 a.m. | 8 views

Insertion Of Sensitive Information Into Log File

org.elasticsearch:elasticsearch is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of request auditing for the reindex API, which allows an attacker to expose sensitive data if specific logging conditions are met...

CVSS 5.7 | AI score 6.9 | EPSS 0.00225
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2025/10/27 12:0 a.m. | 18 views

Linux Distros Unpatched Vulnerability : CVE-2025-37727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the...

CVSS 5.7 | AI score 8 | EPSS 0.00225
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/20 10:25 a.m. | 9 views

CVE-2025-37727

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...

CVSS 5.7 | AI score 6.3 | EPSS 0.00225
Exploits: 0 | References: 1

OSV
added 2025/10/14 8:39 a.m. | 9 views

BIT-ELASTICSEARCH-2025-37727 Elasticsearch Insertion of sensitive information in log file

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...

CVSS 5.7 | AI score 6.6 | EPSS 0.00225
Exploits: 0 | References: 2

OSV
added 2025/10/10 12:30 p.m. | 2 views

GHSA-56R7-H6MW-RCFV Elasticsearch: Insertion of Sensitive Information into Log File via reindex API

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...

CVSS 5.7 | AI score 7.2 | EPSS 0.00225
Exploits: 0 | References: 5

EUVD
added 2025/10/10 12:30 p.m. | 5 views

EUVD-2025-33703

Elasticsearch: Insertion of Sensitive Information into Log File via reindex API...

CVSS 5.7 | AI score 6.3 | EPSS 0.00225
Exploits: 0 | References: 4

Github Security Blog
added 2025/10/10 12:30 p.m. | 11 views

Elasticsearch: Insertion of Sensitive Information into Log File via reindex API

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...

CVSS 5.7 | AI score 6.6 | EPSS 0.00225
Exploits: 0 | References: 5 | Affected Software: 1

Snyk
added 2025/10/10 10:41 a.m. | 2 views

Insertion of Sensitive Information into Log File

Overview: org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker...

CVSS 6.9 | AI score 6.2 | EPSS 0.00225
Exploits: 0 | References: 2

vulnersOsv
added 2025/10/10 10:41 a.m. | 6 views

ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.2.0), ca.bc.gov.tno:elastic (>=0.0.1-alpha <=0.0.5-alpha) +106 more potentially affected by CVE-2025-37727 via org.elasticsearch.plugin:reindex-client (>=7.0.0-alpha1 <=7.9.3)

org.elasticsearch.plugin:reindex-client MAVEN version =7.0.0-alpha1, =j8.2.2.0, =0.0.1-alpha, =2.1.0.M8, =2.1.0.M8, =1.4.1, =1.4.0, =2.0.5, =7.0.0, =1.1.0, =5.0.3.7.4, =5.0.3.6, =0.0.1, =1.0.2, =1.0.3 - com.cherokeesoft.fias:Fias =1.0.1 and more Source cves: CVE-2025-37727 Source advisory:...

CVSS 5.7 | AI score 5.8 | EPSS 0.00225
Exploits: 0

Snyk
added 2025/10/10 10:41 a.m. | 3 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker can obtain sensitive information by triggering audit logs that capture...

CVSS 6.9 | AI score 6.5 | EPSS 0.00225
Exploits: 0 | References: 2

NVD
added 2025/10/10 10:15 a.m. | 4 views

CVE-2025-37727

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...

CVSS 5.7 | EPSS 0.00225
Exploits: 0 | References: 1

OSV
added 2025/10/10 10:15 a.m. | 3 views

CVE-2025-37727

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex...

CVSS 5.7 | AI score 6.5
Exploits: 0 | References: 1