Lucene search
9285 matches found

CVE
added 2026/04/08 4:46 p.m., 13 views

CVE-2026-33459

CVE-2026-33459 affects Kibana via Uncontrolled Resource Consumption (CWE-400) in the automatic import feature. An authenticated user with Fleet/Integrations privileges can submit specially crafted, very large inputs; when multiple requests run concurrently, backend services can become unstable, c...

CVSS 6.5, AI score 5.9, EPSS 0.0024
Exploits: 0, References: 1, Affected Software: 1
Elastic
added 2026/04/08 4:25 p.m., 22 views

Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-26)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service. Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests wi...

CVSS 6.5, AI score 5.8, EPSS 0.0024
Exploits: 0
Positive Technologies
added 2026/04/08 12:00 a.m., 4 views

PT-2026-31345

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently,...

CVSS 6.5, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 5
CNNVD
added 2026/04/08 12:00 a.m., 5 views

Elastic Kibana Security Vulnerability

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption. This vulnerability could allow authenticated users with access to automatic import capabilities to...

CVSS 6.5, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/07 4:31 p.m., 1 view

CVE-2026-35607

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the...

CVSS 8.1, AI score 6.1, EPSS 0.00383
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2026/04/07 3:17 p.m., 2 views

CVE-2026-5376

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

CVSS 5.9, EPSS 0.00212
Exploits: 0, References: 2
Cvelist
added 2026/04/07 2:11 p.m., 17 views

CVE-2026-5376 runZero Platform session timeout failure

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

CVSS 5.9, EPSS 0.00212
Exploits: 0, References: 2
Vulnrichment
added 2026/04/07 2:11 p.m., 0 views

CVE-2026-5376 runZero Platform session timeout failure

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

CVSS 5.9, AI score 5.8, EPSS 0.00212
Exploits: 0, References: 2
CVE
added 2026/04/07 2:11 p.m., 6 views

CVE-2026-5376

The CVE-2026-5376 issue affects the runZero Platform where session inactivity timeouts could fail to trigger due to automatic page reloading. Root cause is CWE-613 (Insufficient Control of Resources After Expiration or Release). CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N, base score 5....

CVSS 5.9, AI score 5.8, EPSS 0.00212
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2026/04/07 12:00 a.m., 3 views

PT-2026-30872

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

CVSS 5.9, AI score 5.8, EPSS 0.00212
Exploits: 0, References: 5
Tenable Nessus
added 2026/04/07 12:00 a.m., 2 views

Fedora 45 : moby-engine (2026-e520168745)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e520168745 advisory. Automatic update for moby-engine-29.4.0-1.fc45. Changelog Tue Apr 7 2026 Bradley G Smith - 29.4.0-1 - Update to release v29.4.0 - Resolves: rhbz2455894 -...

CVSS 7.5, AI score 6, EPSS 0.00283
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/06 12:00 a.m., 3 views

Fedora 45 : usd (2026-abd4c1829d)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-abd4c1829d advisory. Automatic update for usd-26.03-2.fc45. Changelog Mon Apr 6 2026 Benjamin A. Beasley - 26.03-2 - Backport fix for CVE-2026-34544 in OpenEXRCore - Fixes...

CVSS 8.4, AI score 6, EPSS 0.00244
Exploits: 1, References: 2
CNNVD
added 2026/04/06 12:00 a.m., 12 views

curl_cffi Code Issue Vulnerability

curl_cffi is a Python HTTP client library, developed by the individual developer Lexiforest, that supports browser fingerprint simulation. Versions of curl_cffi prior to 0.15.0 have code vulnerabilities. These vulnerabilities stem from the lack of restrictions on requests directed to internal IP ranges,...

CVSS 8.6, AI score 5.9, EPSS 0.00463
Exploits: 1, References: 1
Tenable Nessus
added 2026/04/05 12:00 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-23426

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse. The logicvc_drm_config_parse function calls of_get_child_by_name to find the layers node but fails...

CVSS 5.5, AI score 6.1, EPSS 0.00115
Exploits: 0, References: 2
Positive Technologies
added 2026/04/04 12:00 a.m., 11 views

PT-2026-40436

Name of the Vulnerable Software and Affected Versions: cPanel versions prior to 11.134.0.26. Description: Incorrect privilege management and insufficient path filtering in the cpdavd component allow an unauthenticated attacker to read arbitrary files on the server as root. This is achieved through a...

CVSS 9, AI score 5.9, EPSS 0.07244
Exploits: 0, References: 22
SUSE CVE
added 2026/04/03 11:28 p.m., 4 views

SUSE CVE-2026-23426

In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse. The logicvc_drm_config_parse function calls of_get_child_by_name to find the "layers" node but fails to release the reference, leading to a device node reference leak...

CVSS 4.7, AI score 5.7, EPSS 0.00115
Exploits: 0, References: 16
CVE
added 2026/04/03 1:24 p.m., 14 views

CVE-2026-23426

CVE-2026-23426 concerns the Linux kernel component drm/logicvc, where logicvc_drm_config_parse() creates a reference to a device node via of_get_child_by_name() but fails to release it, causing a device node reference leak. The issue is mitigated by applying a cleanup using the __free(device_node...

CVSS 5.5, AI score 5.7, EPSS 0.00115
Exploits: 0, References: 6, Affected Software: 1
ATTACKERKB
added 2026/04/03 1:24 p.m., 1 view

CVE-2026-23426

In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse. The logicvc_drm_config_parse function calls of_get_child_by_name to find the "layers" node but fails to release the reference, leading to a device node reference leak...

AI score 5.7, EPSS 0.00115
Exploits: 0, References: 7, Affected Software: 1
Positive Technologies
added 2026/04/03 12:00 a.m., 6 views

PT-2026-30040

In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse. The logicvc_drm_config_parse function calls of_get_child_by_name to find the "layers" node but fails to release the reference, leading to a device node...

AI score 5.7, EPSS 0.00115
Exploits: 0, References: 7
GithubExploit
added 2026/04/02 4:26 p.m., 86 views

mansstimap

mansstimap SSTI Manager - Advanced SSTI Detection & Exploita...

AI score 6.1
Exploits: 0