14 matches found
CVE-2026-4982
CVE-2026-4982 affects Venueless where a user with the privilege “update world” can exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The vulnerability arises from the reporting component allowing cross-world access ...
EUVD-2021-9293
Malicious code in bioql PyPI...
EUVD-2022-4510
Malicious code in bioql PyPI...
CVE-2025-23375
Dell PowerProtect Data Manager Reporting, versions 19.17, contains an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
Graylog Information Disclosure Vulnerability
Graylog is a centralized log management solution from the American company Graylog. The product supports capturing, storing, and analyzing logs in real time, among other things. An information disclosure vulnerability exists in Graylog versions 6.1.0 and 6.1.1, which stems from the reporting...
Kibana 8.12.1, 7.17.18 Security Update (ESA-2024-04)
Kibana heap buffer overflow vulnerability (ESA-2024-04). This issue requires authenticated access to Kibana. On Dec 21, 2023, Google Chrome announced CVE-2023-7024, described as “Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit...
CVE-2021-22142
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to condu...
PT-2023-12038 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: The issue concerns Kibana's embedded Chromium browser, used by the Reporting feature to generate downloadable reports. A user with report generation permissions may exploit known Chromium...
SUSE CVE-2021-22142
Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to condu...
Elastic Kibana Security Feature Issue Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security feature issue vulnerability exists in Elastic Kibana, which stems from an embedded version...
Security feature bypass
The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to...
CVE-2017-8446
The CVE-2017-8446 issue affects Elastic Kibana X-Pack: Reporting feature and standalone Reporting plugin prior to 5.5.2/2.4.6. The root cause is an impersonation flaw in the Reporting functionality, allowing a user with the reporting_user role to run a report with the permissions of another repor...
CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/errorreport.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
New Clickjacking Scam Uses Facebook, Javascript, Our Primate Brain To Spread
A researcher at Kaspersky Lab is warning of a new scam that pastes racy photos to victims’ Facebook pages while forcing them to view Web-based advertisements promoted by the scammers. Writing on the Securelist blog, Kaspersky Lab Expert David Jacoby said that the scam was circulating among Facebo...