CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/03/25 12:0 a.m.•2 views

Kibana 8.x < 8.19.12 / 9.x < 9.2.6 / 9.3.x < 9.3.1 Missing Authorization (ESA-2026-19)

The version of Kibana installed on the remote host is prior to 8.19.12, 9.2.6, or 9.3.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-19 advisory. - Missing Authorization CWE-862 in Kibana's server-side Detection Rule Management can lead to Unauthorized Endpoint...

RedhatCVE•added 2026/03/20 1:37 p.m.•2 views

CVE-2026-26939

A flaw was found in Kibana. An authenticated attacker with rule management privileges could exploit a missing authorization vulnerability in the server-side Detection Rule Management. This allows the attacker to configure unauthorized endpoint response actions, such as host isolation, process...

EUVD•added 2026/03/19 6:31 p.m.•1 views

Exploits0References4

EUVD-2026-13143

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...

NVD•added 2026/03/19 6:16 p.m.•1 views

CVE-2026-26939

6.5CVSS0.00042EPSS

ATTACKERKB•added 2026/03/19 5:11 p.m.•1 views

CVE-2026-26939

Exploits0References2Affected Software1

CVE•added 2026/03/19 5:11 p.m.•11 views

CVE-2026-26939

CVE-2026-26939 affects Kibana’s server-side Detection Rule Management. Missing Authorization (CWE-862) could allow an authenticated attacker with rule management privileges to configure Unauthorized Endpoint Response Actions (host isolation, process termination, process suspension). Root cause an...

Exploits0References1Affected Software1

Vulnrichment•added 2026/03/19 5:11 p.m.•0 views

CVE-2026-26939 Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration

Cvelist•added 2026/03/19 5:11 p.m.•15 views

CVE-2026-26939 Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration

6.5CVSS0.00042EPSS

Snyk•added 2026/03/19 5:11 p.m.•1 views

Missing Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Missing Authorization in the Detection Rule Management. An attacker can perform unauthorized system actions, such as host isolatio...

7.1CVSS5.9AI score0.00042EPSS

Elastic•added 2026/03/19 4:51 p.m.•4 views

Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)

Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspensio...

Positive Technologies•added 2026/03/19 12:0 a.m.•3 views

PT-2026-26324

CNNVD•added 2026/03/19 12:0 a.m.•3 views

Exploits0References4

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from an lack of authorization in server-side rule management. This vulnerability could allow authenticated attackers to configure unauthorize...

CNNVD•added 2026/02/19 12:0 a.m.•3 views

Comodo Dome Firewall 跨站脚本漏洞

Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the protocol parameter input in the QoS...

6.1CVSS5.6AI score0.00024EPSS

Exploits1References4

Talos Blog•added 2025/12/09 11:0 a.m.•8 views

New in Snort3: Enhanced rule grouping for greater flexibility and control

Today, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall. These enhancements are designed to give you greater flexibility in how you manage, organize, and prioritize detection rules. They also make it easier to align SNORT® rules with your organization's...

6.8AI score

CVE•added 2025/08/23 1:32 p.m.•12 views

CVE-2025-9362

CVE-2025-9362 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 (versions listed in PT-2025-34529). A stack-based overflow exists in urlFilterManageRule (/goform/urlFilterManageRule): manipulating urlFilterRuleName, scheduleUrl, or addURLFilter can trigger the overflow. The vulnerability ...

8.8CVSS6.5AI score0.00152EPSS

Exploits1References5Affected Software1

Gitee•added 2021/06/13 3:41 p.m.•1 views

lua-resty-waf

This is a Lua library for building a web application firewall WAF on top of the OpenResty stack. The library is called "lua-resty-waf" and is maintained by Robert Paprocki p0pr0ck5. The library provides a set of APIs for loading and managing rules, as well as for logging and storing data. It also...

8AI score

CNVD•added 2020/04/02 12:0 a.m.•1 views

Command Execution Vulnerability in YKCMS v5 Backend Rule Management System

YKCMS5 is a film and television system specifically tailored for film and television collection. YKCMS v5 backend rules management system has a command execution vulnerability that can be exploited by attackers to obtain web server administrator privileges...

7.3AI score

CNVD•added 2017/05/11 12:0 a.m.•4 views

RedHat JBoss BRMS and BPM Suite Cross-Site Scripting Vulnerability

RedHat JBoss BRMS is a comprehensive business process automation platform that integrates business rules management, business process management BPM and complex event processing CEP into a single open source solution. A cross-site scripting vulnerability exists in RedHat JBoss BRMS and BPM Suite...

6.1CVSS6.1AI score0.00655EPSS

Kitploit•added 2016/12/07 2:12 p.m.•120 views

pulledpork - Pulled Pork for Snort and Suricata Rule Management

PulledPork for Snort and Suricata rule management from Google code Features and Capabilities Automated downloading, parsing, state modification and rule modification for all of your snort rulesets. Checksum verification for all major rule downloads Automatic generation of updated sid-msg.map file...

7.1AI score