Lucene search
K

2005 matches found

Nuclei
Nuclei
added 2 days ago92 views

Kibana - Local File Inclusion

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with...

9.8CVSS7AI score0.82251EPSS
Exploits1References5
NVD
NVD
added 2026/07/01 6:16 p.m.5 views

CVE-2026-49091

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:21 p.m.16 views

CVE-2026-49091

CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...

8CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 5:21 p.m.48 views

CVE-2026-49091 Improper Output Neutralization for Logs in Kibana Leading to Log Injection

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 5:21 p.m.6 views

EUVD-2026-41101

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS5.8AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-56151

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-49087

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

6.5CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 5:16 p.m.8 views

CVE-2026-49088

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 4:59 p.m.34 views

CVE-2026-49088 Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 4:59 p.m.8 views

EUVD-2026-41093

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS5.7AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:59 p.m.5 views

CVE-2026-49088

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS5.7AI score0.00211EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 4:59 p.m.12 views

CVE-2026-49088

Kibana security advisory CVE-2026-49088 describes that when optional APM instrumentation is enabled, sensitive request header values may be logged in application logs, risking information disclosure (CWE-532). Affected versions include Kibana 8.x up to 8.18.8, 8.19.0–8.19.5, and 9.x 9.0.0–9.0.7, ...

4.4CVSS5.7AI score0.00211EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 4:35 p.m.33 views

CVE-2026-49087 Allocation of Resources Without Limits or Throttling in Kibana Leading to Denial of Service

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

6.5CVSS0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:35 p.m.5 views

CVE-2026-49087

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 4:35 p.m.12 views

CVE-2026-49087

The CVE-2026-49087 issue concerns Kibana: Allocation of Resources Without Limits or Throttling (CWE-770) leading to a denial of service (CAPEC-130). An authenticated user can submit a crafted bulk deletion request that inflates resource use and can render Kibana unavailable. Connected sources spe...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/01 4:35 p.m.7 views

EUVD-2026-41088

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk deletion request that causes excessive resource consumption, which may render Kibana unavailable...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 4:29 p.m.8 views

EUVD-2026-41085

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:29 p.m.7 views

CVE-2026-56151

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 4:29 p.m.9 views

CVE-2026-56151

This CVE affects Kibana with Fleet: Improper Input Validation (CWE-20) enabling Denial of Service via crafted Fleet policy input. Affected versions include 8.x (8.0.0–8.19.16), 9.x (9.0.0–9.3.5 and 9.4.0–9.4.2). The root cause is input validation failure for Fleet policy inputs, allowing an authe...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 4:29 p.m.36 views

CVE-2026-56151 Improper Input Validation in Kibana Leading to Denial of Service

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS0.00251EPSS
Exploits0References1
Rows per page
Query Builder