33 matches found

OSV
added 2026/05/21 6:28 a.m. | 1 view

ROOT-APP-MAVEN-CVE-2025-68384 CVE-2025-68384 in io.root.org.elasticsearch.plugin:x-pack-security - Patched by Root

Root has patched CVE-2025-68384 in the io.root.org.elasticsearch.plugin:x-pack-security package for Root:Maven. Multiple fixed versions available...

CVSS 6.5 | AI score 5.7 | EPSS 0.00103
Exploits: 0
OSV
added 2026/04/28 11:11 a.m. | 2 views

ROOT-APP-MAVEN-CVE-2025-68390 CVE-2025-68390 in io.root.org.elasticsearch.plugin:x-pack-core - Patched by Root

Root has patched CVE-2025-68390 in the io.root.org.elasticsearch.plugin:x-pack-core package for Root:Maven. Multiple fixed versions available...

CVSS 4.9 | AI score 5.7 | EPSS 0.00268
Exploits: 0
EUVD
added 2026/04/24 12:0 a.m. | 1 view

EUVD-2025-209573

Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch function does not properly sanitize input in the query paramete...

CVSS 6.1 | AI score 5.1 | EPSS 0.00034
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 10:57 a.m. | 1 view

CVE-2022-38299

An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint...

CVSS 4.3 | AI score 6.9 | EPSS 0.00177
Exploits: 0 | References: 1
Snyk
added 2025/12/15 11:39 a.m. | 1 view

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the PKI realm. An attacker can impersonate other users by presenting specially crafted client certificates signed by a trusted Certificate Authority. Note: This is only exploitable if the attacker...

CVSS 7.6 | AI score 6.5 | EPSS 0.00038
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/25 3:8 p.m. | 3 views

CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

CVSS 9.1 | AI score 6.9 | EPSS 0.00096
Exploits: 0 | References: 1
Cvelist
added 2025/11/24 2:40 p.m. | 6 views

CVE-2025-12977 CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags...

EPSS 0.00096
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-15614

Malware in sbrugna...

CVSS 8.1 | AI score 7.2 | EPSS 0.00296
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-51440

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 8.7 | EPSS 0.01546
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-40891

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.00177
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:10 a.m. | 5 views

CVE-2024-13221

The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 6.1 | EPSS 0.01546
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 11:5 p.m. | 4 views

CVE-2022-34807

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 | AI score 6.8 | EPSS 0.00301
Exploits: 0 | References: 1
NVD
added 2025/01/31 6:15 a.m. | 10 views

CVE-2024-13221

The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | EPSS 0.01546
Exploits: 1 | References: 1
CVE
added 2025/01/31 6:0 a.m. | 75 views

CVE-2024-13221

CVE-2024-13221 relates to the Fantastic ElasticSearch WordPress plugin (versions 4.1.0 and earlier). The description and linked records confirm a reflected XSS vulnerability where an unsanitized parameter is echoed back on a page, potentially impacting high-privilege users such as admins. Public ...

CVSS 6.1 | AI score 5.8 | EPSS 0.01546
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2025/01/31 6:0 a.m. | 21 views

CVE-2024-13221 Fantastic Elasticsearch <= 4.1.0 - Reflected XSS

The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

EPSS 0.01546
Exploits: 1 | References: 1
SUSE CVE
added 2023/02/15 5:35 a.m. | 3 views

SUSE CVE-2013-4758

Double free vulnerability in the writeDataError function in the ElasticSearch plugin omelasticsearch in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted...

CVSS 6.8 | AI score 7.5 | EPSS 0.01216
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:33 a.m. | 2 views

SUSE CVE-2018-3827

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level, Azure credentials can be inadvertently logged...

CVSS 8.1 | AI score 6.5 | EPSS 0.00296
Exploits: 0 | References: 3
OSV
added 2022/11/15 1:15 a.m. | 21 views

CVE-2022-42123

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

CVSS 7.5 | AI score 7.5 | EPSS 0.00418
Exploits: 0 | References: 3
ATTACKERKB
added 2022/09/12 10:15 p.m. | 2 views

CVE-2022-38299

An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint...

CVSS 4.3 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 2
OSV
added 2022/09/12 10:15 p.m. | 17 views

CVE-2022-38299

An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint...

CVSS 4.3 | AI score 6.8
Exploits: 0 | References: 1