Lucene search
K

1800 matches found

Nuclei
Nuclei
added yesterday80 views

Elasticsearch 7.10.0-7.13.3 - Information Disclosure

ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as...

6.5CVSS7AI score0.76249EPSS
Exploits6References5
Nuclei
Nuclei
added 6 days ago92 views

Kibana - Local File Inclusion

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with...

9.8CVSS7AI score0.82251EPSS
Exploits1References5
NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 4:32 p.m.7 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:32 p.m.8 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 4:32 p.m.34 views

CVE-2026-56152 Incorrect Authorization in Elastic Defend Leading to Information Disclosure

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:32 p.m.12 views

CVE-2026-56152

Summary: CVE-2026-56152 concerns Elastic Defend. Affected component is the Elastic Defend response actions where an authorization check failure allowed a low-privileged authenticated user to access response action data they should not view (CWE-863, CAPEC-1). Impact details (as described): The vu...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
Chainguard
Chainguard
added 2026/07/01 8:44 a.m.10 views

GHSA-PJV4-3C63-699F vulnerabilities

Vulnerabilities for packages: elastic-agent-fips, elastic-agent...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/01 8:44 a.m.6 views

CVE-2026-42602 vulnerabilities

Vulnerabilities for packages: elastic-agent-fips, elastic-agent...

8.1CVSS6.1AI score0.00222EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54867

Name of the Vulnerable Software and Affected Versions Elastic Defend affected versions not specified Description Incorrect authorization allows a low-privileged authenticated user to access response action data they are not authorized to view. This occurs because functionality is not properly...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References5
Chainguard
Chainguard
added 2026/06/30 2:16 a.m.5 views

CVE-2023-49922 vulnerabilities

Vulnerabilities for packages: elastic-agent-fips, apm-server-fips, cloudbeat, apm-server, cloudbeat-fips, elastic-agent...

6.8CVSS6.7AI score0.00589EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/30 2:16 a.m.6 views

GHSA-HJ4R-2C9C-29H3 vulnerabilities

Vulnerabilities for packages: elastic-agent-fips, apm-server-fips, cloudbeat, apm-server, cloudbeat-fips, elastic-agent...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/28 8:22 a.m.10 views

CVE-2026-48496 vulnerabilities

Vulnerabilities for packages: elastic-agent-fips, elastic-agent...

6.1AI score0.00017EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/28 8:22 a.m.7 views

GHSA-F2R5-5M7W-P5CX vulnerabilities

Vulnerabilities for packages: elastic-agent-fips, elastic-agent...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: zarf-fips, harbor, osv-scanner, rancher, knative-eventing-fips, spire-server, k9s-fips, argocd-image-updater, vitess, docker-machine-driver-harvester, trivy-fips, cloudbeat, mattermost, prometheus-mongodb-exporter, flux-image-automation-controller-fips, snyk-cli,...

6.1AI score
Exploits0
CVE
CVE
added 2026/06/25 12:58 p.m.23 views

CVE-2026-40012

The vulnerability CVE-2026-40012 affects configurations with ECS enabled, where ECS zero-scoped answers are stored in the packet cache instead of being properly restricted, potentially leaking to clients. The issue has a network-based attack surface with low confidentiality impact (CVSS v3.1: 5.3...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 12:58 p.m.5 views

EUVD-2026-39356

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.9AI score0.00305EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 12:58 p.m.6 views

CVE-2026-40012

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.9AI score0.00305EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/25 12:58 p.m.8 views

CVE-2026-40012

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS5.8AI score0.00305EPSS
Exploits0
CVE
CVE
added 2026/06/24 1:20 p.m.104 views

CVE-2026-57295

CVE-2026-57295 describes a CSRF vulnerability in Jenkins EC2 Fleet Plugin (versions up to 4.2.3.539.v8fedff2a_81c3 and earlier). The issue lets an attacker cause Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained by another method, potentially captur...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder