
5 matches found

OSV | added last week | 3 views

BIT-KIBANA-2026-33462 Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

CVSS 7.3 | AI score 5.8 | EPSS 0.00026 | Exploits 0 | References 2
ATTACKERKB | added 2026/05/28 7:33 p.m. | 4 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

CVSS 4.6 | AI score 5.8 | EPSS 0.00026 | Exploits 0 | References 2 | Affected Software 1
EUVD | added 2025/10/31 12:30 a.m. | 2 views

EUVD-2025-37218

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

CVSS 9.4 | AI score 7.8 | EPSS 0.00422 | Exploits 0 | References 4
Cvelist | added 2025/10/30 9:25 p.m. | 3 views

CVE-2025-34277 Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashboard ID

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

CVSS 9.4 | EPSS 0.00422 | Exploits 0 | References 3
Positive Technologies | added 2025/10/30 12:0 a.m. | 2 views

PT-2025-44518

Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R1.3.1

Description: The software contains a code injection issue stemming from inadequate validation of dashboard ID values before they are processed by an internal API. An attacker can leverage crafted...

CVSS 9.8 | AI score 8.1 | EPSS 0.00422 | Exploits 0 | References 8