Lucene search
K

71 matches found

Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32407

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.12 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: kpt, mailpit, mariadb-operator-fips, cilium, sbomqs, prometheus-elasticsearch-exporter, secrets-store-csi-driver-provider-azure, terraform-provider-databricks-fips, xeol-fips, esbuild-fips, cert-manager-istio-csr-fips, crossplane-provider-gitlab, blob-csi,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0
Snyk
Snyk
added 2026/04/09 4:14 p.m.7 views

Incorrect Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization via the enrollment endpoint. An attacker can access Fleet Server policy details from unauthorized spaces b...

5.3CVSS5.7AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 6:34 p.m.4 views

EUVD-2026-20523

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS5.9AI score0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 5:21 p.m.4 views

CVE-2026-33460

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 4:43 p.m.19 views

CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/03/30 7:22 p.m.3 views

GHSA-W254-4HP5-7CVV Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint

Summary A Denial of Service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all connected hosts, MDM enrollments, and API consumers. Impact ...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:13 p.m.2 views

CVE-2026-34388

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/27 6:17 p.m.18 views

Fleet's unbounded request body read allows remote Denial of Service

Summary Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service DoS...

8.7CVSS5.9AI score0.00434EPSS
Exploits0References3Affected Software1
Chainguard
Chainguard
added 2026/03/03 7:17 a.m.6 views

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: splunk-otel-collector, crossplane-provider-aws-cognitoidentity, grafana-alloy, apache-beam-python-3.12-sdk, traefik-fips, livekit-server-fips, kyverno-policy-reporter-fips, crossplane-provider-aws-dynamodb-fips, kube-logging-operator, crossplane-provider-aws-sqs,...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/03/03 7:17 a.m.9 views

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: splunk-otel-collector, crossplane-provider-aws-cognitoidentity, grafana-alloy, apache-beam-python-3.12-sdk, traefik-fips, livekit-server-fips, kyverno-policy-reporter-fips, crossplane-provider-aws-dynamodb-fips, kube-logging-operator, crossplane-provider-aws-sqs,...

7.5CVSS7.1AI score0.00501EPSS
Exploits0
Snyk
Snyk
added 2026/01/20 8:55 p.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the JWT verification process. An attacker can gain unauthorized enrollment of rogue devices by submitting a forged JWT with arbitrary identity claims, as the system fails to verify th...

9.8CVSS5.8AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-24413

Malware in sbrugna...

8.8CVSS8.5AI score0.00714EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-46267

Malicious code in bioql PyPI...

9CVSS6.6AI score0.00269EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-50858

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00473EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-37937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that t...

8.8CVSS7.7AI score0.00714EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/01/30 12:0 a.m.4 views

The vulnerability of the server software for managing Elastic Agent agents, known as Elastic Fleet Server, stems from deficiencies in access control. This allows a malicious individual to disclose sensitive information that is protected by this system.

The vulnerability of the server software for managing Elastic Agent agents in Elastic Fleet Server is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

9CVSS5.4AI score0.00269EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/01/23 8:15 a.m.13 views

CVE-2024-52975

An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled...

9CVSS0.00269EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/23 7:19 a.m.6 views

CVE-2024-52975 Fleet Server sensitive information exposure via logs

An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled...

9CVSS6.5AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/23 7:19 a.m.19 views

CVE-2024-52975 Fleet Server sensitive information exposure via logs

An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled...

9CVSS0.00269EPSS
Exploits0References1
Rows per page
Query Builder