CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:22 p.m.•7 views

CVE-2026-7634

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.2CVSS5.6AI score0.00304EPSS

RedhatCVE•added 2026/06/05 7:15 p.m.•6 views

CVE-2026-2253

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

7.7CVSS5.4AI score0.00201EPSS

RedhatCVE•added 2026/06/05 6:48 p.m.•6 views

CVE-2024-40684

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

9.8CVSS5.5AI score0.0036EPSS

Packet Storm News•added 2026/06/04 12:0 a.m.•8 views

Cognitive Threat Intelligence and Explainable Federated Security Analytics for Distributed Infrastructure Systems

The increasing adoption of distributed infrastructure systems, cloud computing, Internet of Things IoT technologies, and edge-based architectures has significantly expanded the cybersecurity attack surface and introduced increasingly sophisticated cyber threats. Conventional centralized intrusion...

5.5AI score

Exploits0

Tenable Nessus•added 2026/06/04 12:0 a.m.•7 views

Kibana 8.x < 8.19.16 DoS (ESA-2026-39)

The version of Kibana installed on the remote host is 8.x prior to 8.19.16. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-39 advisory. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An...

6.5CVSS5.5AI score0.0024EPSS

vulnersOsv•added 2026/06/03 10:23 a.m.•4 views

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +30 more potentially affected by CVE-2026-4035 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =0.2.0, =0.2.1 and more Source cves: CVE-2026-4035 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-17135850...

9.1CVSS7.7AI score0.00315EPSS

Exploits1

Veeam•added 2026/06/02 12:0 a.m.•23 views

Failed to install Veeam Analytics Service. Failed to establish connection between the Veeam ONE server and Veeam Analytics service. Operation timed out: 10

Challenge After upgrading Veeam ONE to version 13.0.x, the Veeam Analytics Service installation fails with the following error: Failed to install Veeam Analytics Service. Failed to establish connection between the Veeam ONE server and Veeam Analytics service. Operation timed out: 10. The failure...

5.4AI score

Exploits0Affected Software1

OSV•added 2026/06/01 11:42 a.m.•4 views

BIT-KIBANA-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

OSV•added 2026/06/01 11:39 a.m.•5 views

BIT-ELK-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Patchstack•added 2026/06/01 8:45 a.m.•6 views

WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by mcdruid in WordPress Plugin Slimstat Analytics versions 5.4.0...

6.5CVSS5.8AI score0.00252EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/05/29 8:13 p.m.•7 views

CVE-2026-49094

IBM Security Bulletins•added 2026/05/29 5:43 p.m.•10 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service (DoS) due to Apache Commons FileUpload

Summary Apache Commons FileUpload in WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of the parse and process HTTP requests for handling file uploads. CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload...

7.5CVSS5.8AI score0.46836EPSS

Exploits1Affected Software1

Snyk•added 2026/05/28 10:44 p.m.•4 views

Allocation of Resources Without Limits or Throttling

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the analytics collections management endpoint. An attacker can cause the...

7.1CVSS5.3AI score0.0024EPSS

NVD•added 2026/05/28 9:16 p.m.•12 views

CVE-2026-49094

6.5CVSS0.0024EPSS

Cvelist•added 2026/05/28 7:49 p.m.•27 views

CVE-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

6.5CVSS0.0024EPSS

EUVD•added 2026/05/28 7:49 p.m.•10 views

EUVD-2026-33034

Vulnrichment•added 2026/05/28 7:49 p.m.•7 views

CVE-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

CVE•added 2026/05/28 7:49 p.m.•20 views

CVE-2026-49094

CVE-2026-49094 affects Kibana’s analytics collections management endpoint. An authenticated user with viewer-level access can submit an oversized input, causing Kibana to exhaust CPU/memory and become unavailable (DoS). Affected versions include 8.x up to 8.19.15; mitigation is to upgrade to 8.19...