Lucene search
K

56 matches found

NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 4:32 p.m.32 views

CVE-2026-56152 Incorrect Authorization in Elastic Defend Leading to Information Disclosure

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:32 p.m.9 views

CVE-2026-56152

Summary: CVE-2026-56152 concerns Elastic Defend. Affected component is the Elastic Defend response actions where an authorization check failure allowed a low-privileged authenticated user to access response action data they should not view (CWE-863, CAPEC-1). Impact details (as described): The vu...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/01 4:32 p.m.7 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:32 p.m.7 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/03/20 4:0 p.m.13 views

Secure agentic AI end-to-end

Next week, RSAC™ Conference celebrates its 35-year anniversary as a forum that brings the security community together to address new challenges and embrace opportunities in our quest to make the world a safer place for all. As we look towards that milestone, agentic AI is reshaping industries...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/01/06 5:0 p.m.4 views

Introducing the Microsoft Defender Experts Suite: Elevate your security with expert-led services

Security teams are being pushed to their limits as AI‑powered cyberattacks grow in speed, scale, and sophistication—and only 14% of organizations surveyed by the World Economic Forum report they feel confident they have the right people and skills needed to meet their cybersecurity objectives.1 A...

6.8AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2025/12/27 10:0 a.m.3 views

The US Must Stop Underestimating Drone Warfare

The future of conflict is cheap, rapidly manufactured, and tough to defend against...

7AI score
Exploits0
Wiz blog
Wiz blog
added 2025/11/21 2:7 p.m.5 views

Get Certified on Wiz Defend for Threat Detection and Response

Wiz Defend Certification validates skills in cloud threat detection and response for SOC, IT, and security professionals...

6.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/11/18 4:0 p.m.4 views

​​Ambient and autonomous security for the agentic era​​

Over the past year, I've had countless conversations with customers who are striving to unlock human ambition with AI. They are on their journey to become Frontier Firms, where humans and agents push the boundaries of innovation and create new possibilities, empowering humans to become limitless...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/07 2:51 p.m.4 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS6.7AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 3:31 p.m.5 views

EUVD-2025-37984

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS6.2AI score0.0013EPSS
Exploits0References2
NVD
NVD
added 2025/11/06 3:15 p.m.9 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 2:27 p.m.3 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS6.4AI score0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/11/06 2:27 p.m.4 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS5.9AI score0.0013EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/11/06 2:27 p.m.10 views

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 2:27 p.m.21 views

CVE-2025-37735

CVE-2025-37735 affects Elastic Defend on Windows. The issue is improper preservation of permissions in the Defend service (running as SYSTEM), which can lead to arbitrary file deletions and in some cases local privilege escalation. Affected versions include up to 8.19.5 and 9.0.0–9.1.5; fixed in ...

7CVSS6.4AI score0.0013EPSS
Exploits0References1
Elastic
Elastic
added 2025/11/06 2:25 p.m.14 views

Elastic Defend 8.19.6, 9.1.6, and 9.2.0 Security Update (ESA-2025-23)

Elastic Defend Improper Preservation of Permissions ESA-2025-23 Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...

7CVSS7.8AI score0.0013EPSS
Exploits0
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.6 views

Elastic Defend 安全漏洞

Elastic Defend is an application from the Dutch company Elastic. It provides prevention, detection and response capabilities, as well as deep visibility into EPP, EDR, SIEM and security analytics. A security vulnerability exists in Elastic Defend that stems from improperly saved permissions on a...

7CVSS7.5AI score0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.7 views

PT-2025-45184

Name of the Vulnerable Software and Affected Versions Elastic Defend affected versions not specified Description An issue exists in Elastic Defend on Windows hosts where improper preservation of permissions can allow the Defend service, running as SYSTEM, to delete arbitrary files on the system...

7CVSS7.5AI score0.0013EPSS
Exploits0References11
Rows per page
Query Builder