
42 matches found

EUVD
added 2026/03/19 6:31 p.m. | views: 1

EUVD-2026-13143

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 2

NVD
added 2026/03/19 6:16 p.m. | views: 1

CVE-2026-26939

Missing Authorization (CWE-862) in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration (host isolation, process termination, and process suspension) via CAPEC-1 (Accessing Functionality Not Properly Constrained by ACLs). This requires an...

CVSS 6.5 | EPSS 0.00042
Exploits: 0 | References: 1

NVD
added 2026/03/19 5:16 p.m. | views: 0

CVE-2026-26931

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remotewrite HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...

CVSS 5.7 | EPSS 0.00022
Exploits: 0 | References: 1

CVE
added 2026/03/19 5:8 p.m. | views: 5

CVE-2026-26933

Packetbeat contains an input validation flaw (CWE-129) in multiple protocol parser components that can trigger out‑of‑bounds reads and cause Denial of Service. An attacker who can send specially crafted, malformed network packets on the same network segment or via traffic routed to monitored inte...

CVSS 5.7 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/02/26 9:31 p.m. | views: 3

EUVD-2026-8872

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...

CVSS 6.5 | AI score 5.3 | EPSS 0.00065
Exploits: 0 | References: 2

OSV
added 2026/02/26 7:32 p.m. | views: 2

CVE-2026-26937

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

CVE
added 2026/02/26 5:3 p.m. | views: 10

CVE-2026-26934

CVE-2026-26934 involves Kibana and an improper validation of input quantity (CWE-1284) that allows an authenticated user with view-only privileges to cause a Denial of Service by sending malformed payloads, leading to excessive resource consumption and Kibana unresponsiveness or crashes. The vuln...

CVSS 6.5 | AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 1 | Affected Software: 1

Elastic
added 2026/01/13 8:47 p.m. | views: 8

Kibana 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-04)

Allocation of Resources Without Limits or Throttling in Kibana Fleet (ESA-2026-04). Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana Fleet can lead to Excessive Allocation (CAPEC-130) via a specially crafted bulk retrieval request. This requires an attacker to have low-level...

CVSS 6.5 | AI score 6.8 | EPSS 0.0008
Exploits: 0

CVE
added 2025/09/03 1:5 p.m. | views: 15

CVE-2024-13066

CVE-2024-13066 describes an improper restriction of rendered UI layers or frames in Akinsoft LimonDesk (affected: s1.02.14 up to

CVSS 4.3 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 2

Cvelist
added 2025/08/15 12:6 p.m. | views: 5

CVE-2025-1929 SQLi in RiskTurk's Treasury Management Software

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Reel Sektör Hazine ve Risk Yönetimi...

CVSS 7.2 | EPSS 0.00061
Exploits: 0 | References: 1

OSV
added 2024/08/12 6:25 p.m. | views: 11

GHSA-XJ87-MQVH-88W2 fish-shop/syntax-check Improper Neutralization of Delimiters

Impact Improper neutralisation of delimiters in the pattern input specifically the command separator ; and command substitution characters and mean that arbitrary command injection is possible by modification of the input value used in a workflow. This has the potential for exposure or exfiltrati...

CVSS 6.9 | AI score 6.2 | EPSS 0.00849
Exploits: 0 | References: 5

0day.today
added 2024/05/28 12:0 a.m. | views: 383

FleetCart 4.1.1 Information Disclosure Vulnerability

Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure Exploit Author: CraCkEr Vendor: EnvaySoft Vendor Homepage: https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826 Software Demo Link: https://demo.fleetcart.envaysoft.com/en Tested on: Windows 11 Pro 22H2...

CVSS 6.9 | AI score 7.4 | EPSS 0.40729
Exploits: 2

Packet Storm
added 2024/05/23 12:0 a.m. | views: 417

FleetCart 4.1.1 Information Disclosure

Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure Exploit Author: CraCkEr Date: 13/05/2024 Vendor: EnvaySoft Vendor Homepage: https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826 Software Demo Link: https://demo.fleetcart.envaysoft.com/en Tested on: Window...

CVSS 5 | AI score 7.2 | EPSS 0.40729
Exploits: 2

Packet Storm
added 2024/04/30 12:0 a.m. | views: 527

osCommerce 4 Cross Site Scripting

Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: skalvin Date: 22/04/2024 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/furniture/ Tested on: Windows 11 Pro Impact: Manipulate the...

AI score 7.4 | EPSS 0.15778
Exploits: 1

Github Security Blog
added 2024/02/13 6:34 p.m. | views: 28

XSS sidekiq-unique-jobs UI server vulnerability

Summary Cross site scripting XSS potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...

CVSS 7.1 | AI score 7.7 | EPSS 0.00099
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2024/02/13 6:34 p.m. | views: 21

GHSA-CMH9-RX85-XJ38 XSS sidekiq-unique-jobs UI server vulnerability

Summary Cross site scripting XSS potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...

CVSS 7.1 | AI score 8 | EPSS 0.00266
Exploits: 3 | References: 6

UbuntuCve
added 2023/08/24 11:15 p.m. | views: 15

CVE-2023-4508

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...

CVSS 5.5 | AI score 6.8 | EPSS 0.00039
Exploits: 1 | References: 2

0day.today
added 2021/09/05 12:0 a.m. | views: 344

Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal Vulnerability

Product: Artica Proxy VMWare Appliance Vendor/Manufacturer: ArticaTech https://www.articatech.com Affected Versions: 4.30.000000 =SP273 Tested Versions: 4.30.000000 SP273 Vulnerability Type: Relative path traversal CWE-23, Improper Limitation of a Pathname to a restricted Directory CWE-22, CWE 35...

AI score 0.4
Exploits: 0

Packet Storm
added 2021/09/03 12:0 a.m. | views: 187

Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal

Advisory ID: RCS20210707-0 Product: Artica Proxy VMWare Appliance Vendor/Manufacturer: ArticaTech https://www.articatech.com Affected Versions: 4.30.000000 =SP273 Tested Versions: 4.30.000000 SP273 Vulnerability Type: Relative path traversal CWE-23, Improper Limitation of a Pathname to a restrict...

AI score 0.5
Exploits: 0

Openbugbounty
added 2020/09/11 12:7 p.m. | views: 5

tki114.com Cross Site Scripting vulnerability OBB-1325018

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0