BIT-ELK-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

Apache Superset Security Bypass Vulnerability (CNVD-2026-13252)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to bypass data access controls...

BIT-SUPERSET-2026-23982 Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

CVE-2026-23982

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

CVE-2026-23982

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

CVE-2026-23982 Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

CVE-2017-9711 Permissions, Privileges, and Access Controls in Data

Certain unprivileged processes are able to perform IOCTL calls...

Elasticsearch 信息泄露漏洞

Elasticsearch is a set of Dutch Elasticsearch company built on Lucene open source distributed RESTful search engine . The product is mainly used in cloud computing, and supports data indexing using JSON over HTTP. Elasticsearch There is an information disclosure vulnerability that can be exploite...