
7 matches found

NVD
added 2026/06/12 3:16 p.m., 15 views

CVE-2026-7368

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

CVSS 8.6, EPSS 0.00259
Exploits: 0, References: 2
CVE
added 2026/06/12 2:1 p.m., 18 views

CVE-2026-7368

The CVE covers Yarbo Android/iOS mobile app and Yarbo cloud infrastructure where per-device/user authorization is not enforced. The system allows any client with valid credentials to subscribe to wildcard topics for all robots and publish to any robot’s command topic using only the robot’s serial...

CVSS 8.6, AI score 5.3, EPSS 0.00259
Exploits: 0, References: 2
OSV
added 2026/01/20 8:55 p.m., 6 views

GHSA-4R5R-CCR6-Q6F6 Fleet has an Access Control vulnerability in debug/pprof endpoints

Summary A broken access control issue in Fleet allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations. Impact Fleet’s debug/pprof endpoints...

CVSS 7.1, AI score 5.5, EPSS 0.00246
Exploits: 0, References: 5
OSV
added 2025/01/27 7:12 a.m., 8 views

BIT-KIBANA-2024-43707 Kibana exposure of sensitive information to an unauthorized actor

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

CVSS 7.7, AI score 7.3, EPSS 0.0041
Exploits: 0, References: 2
OSV
added 2025/01/23 6:15 a.m., 2 views

CVE-2024-43707

An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...

CVSS 6.5, AI score 6.2
Exploits: 0, References: 1
CNNVD
added 2025/01/23 12:0 a.m., 3 views

Elastic Kibana information disclosure vulnerability

Elastic Kibana is an available data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that originates from a user who does not have access to Fleet viewing Elastic Agent policies that may contain sensitive information...

CVSS 7.7, AI score 6.4, EPSS 0.0041
Exploits: 0, References: 2
OSV
added 2021/12/15 7:15 a.m., 3 views

CVE-2021-41557

Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross-Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section or change existing work orders. The XSS payload is in the work order number...

CVSS 5.4, AI score 5.8, EPSS 0.00771
Exploits: 3, References: 2