BIT-ELK-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

CVE-2026-49094

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

EUVD-2026-33034

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

CVE-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

CVE-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

CVE-2026-49094

CVE-2026-49094 affects Kibana’s analytics collections management endpoint. An authenticated user with viewer-level access can submit an oversized input, causing Kibana to exhaust CPU/memory and become unavailable (DoS). Affected versions include 8.x up to 8.19.15; mitigation is to upgrade to 8.19...

BIT-DISCOURSE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were not authorized to view. Insufficient access control...

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

CVE-2026-33415

CVE-2026-33415 affects Discourse before fixed versions: 2026.1.3, 2026.2.2, and 2026.3.0. An authenticated moderator-level user could bypass category permissions via an insufficiently protected sentiment analytics endpoint, enabling retrieval of post contents, topic titles, and usernames from cat...

编号撤回

IBM Planning Analytics is an integrated planning solution that uses echarts data visualization, AI to automate planning, budgeting and forecasting, and drive smarter workflows. IBM Planning Analytics suffers from a path traversal vulnerability that allows all control requests to be submitted in a...

Exploit for Path Traversal in Vmware Cloud_Foundation

PoC exploit for CVE-2021-22005, a vulnerability in VMware vCenter Server allowing file upload to remote code execution. The target product/service is VMware vCenter Server, and the vulnerability class/vector is file upload to RCE. The probable entry point is a POST request to the...