Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49091 |
|
Vulnerability in elastic (CVE-2026-49091)
vulnerability in elastic (CVE-2026-49091). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49090 |
|
Vulnerability in dos (CVE-2026-49090)
vulnerability in dos (CVE-2026-49090). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56151 |
|
Vulnerability in dos (CVE-2026-56151)
vulnerability in dos (CVE-2026-56151). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56152 |
|
Authorization Flaw in elastic (CVE-2026-56152)
vulnerability in elastic (CVE-2026-56152). Confidential information can be exposed externally.
|
| CVE-2026-56150 |
|
Vulnerability in dos (CVE-2026-56150)
vulnerability in dos (CVE-2026-56150). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56149 |
|
Vulnerability in dos (CVE-2026-56149)
vulnerability in dos (CVE-2026-56149). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49088 |
|
Vulnerability in elastic (CVE-2026-49088)
vulnerability in elastic (CVE-2026-49088). Confidential information can be exposed externally.
|
| CVE-2026-49087 |
|
Vulnerability in dos (CVE-2026-49087)
vulnerability in dos (CVE-2026-49087). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49094 |
|
Vulnerability in elk (CVE-2026-49094)
vulnerability in elk (CVE-2026-49094). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16` or later.
|
| CVE-2026-49095 |
|
Vulnerability in elk (CVE-2026-49095)
vulnerability in elk (CVE-2026-49095). Confidential information can be exposed externally. Mitigation: upgrade to `8.19.16, 9.3.5, 9.4.2` or later.
|
| CVE-2026-49093 |
|
SSRF (Server-Side Request Forgery) in elk (CVE-2026-49093)
SSRF in elk (CVE-2026-49093). Confidential information can be exposed externally. Mitigation: upgrade to `9.3.3` or later.
|
| CVE-2026-42398 |
|
SSRF (Server-Side Request Forgery) in elk (CVE-2026-42398)
SSRF in elk (CVE-2026-42398). Confidential information can be exposed externally. Mitigation: upgrade to `9.2.8, 9.3.2` or later.
|
| CVE-2026-42400 |
|
Vulnerability in elk (CVE-2026-42400)
vulnerability in elk (CVE-2026-42400). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.3.5, 9.4.2` or later.
|
| CVE-2026-42399 |
|
Vulnerability in elk (CVE-2026-42399)
vulnerability in elk (CVE-2026-42399). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.3.5` or later.
|
| CVE-2026-42401 |
|
Cross-Site Scripting (XSS) in elk (CVE-2026-42401)
cross-site scripting in elk (CVE-2026-42401). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.4.0` or later.
|
| CVE-2026-33464 |
|
Vulnerability in elk (CVE-2026-33464)
vulnerability in elk (CVE-2026-33464). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.4.2` or later.
|
| CVE-2026-33462 |
|
Path Traversal in elk (CVE-2026-33462)
path traversal in elk (CVE-2026-33462). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.3.5` or later.
|
| CVE-2014-3120 KEV |
|
[KEV] Vulnerability in elastic (CVE-2014-3120)
vulnerability in elastic (CVE-2014-3120). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-1427 KEV |
|
[KEV] Vulnerability in elastic (CVE-2015-1427)
vulnerability in elastic (CVE-2015-1427). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-7609 KEV |
|
[KEV] Code Injection in Elastic kibana (CVE-2019-7609)
code injection in Elastic kibana (CVE-2019-7609). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-11482 |
|
Open Redirect in elastic (CVE-2017-11482)
vulnerability in elastic (CVE-2017-11482). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11481 |
|
Cross-Site Scripting (XSS) in elastic (CVE-2017-11481)
cross-site scripting in elastic (CVE-2017-11481). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8448 |
|
Vulnerability in elastic (CVE-2017-8448)
vulnerability in elastic (CVE-2017-8448). Successful exploitation can lead to full system takeover.
|
| CVE-2017-8447 |
|
Vulnerability in elastic (CVE-2017-8447)
vulnerability in elastic (CVE-2017-8447). Data can be tampered with by attackers.
|
| CVE-2017-11479 |
|
Cross-Site Scripting (XSS) in elastic (CVE-2017-11479)
cross-site scripting in elastic (CVE-2017-11479). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8445 |
|
Vulnerability in elastic (CVE-2017-8445)
vulnerability in elastic (CVE-2017-8445). Data can be tampered with by attackers.
|
| CVE-2015-5619 |
|
Vulnerability in elastic (CVE-2015-5619)
vulnerability in elastic (CVE-2015-5619). Confidential information can be exposed externally.
|
| CVE-2017-8442 |
|
Vulnerability in elastic (CVE-2017-8442)
vulnerability in elastic (CVE-2017-8442). Confidential information can be exposed externally.
|
| CVE-2017-8443 |
|
Vulnerability in elastic (CVE-2017-8443)
vulnerability in elastic (CVE-2017-8443). Confidential information can be exposed externally.
|
| CVE-2015-5378 |
|
Information Disclosure in elastic (CVE-2015-5378)
vulnerability in elastic (CVE-2015-5378). Confidential information can be exposed externally.
|
| CVE-2016-10365 |
|
Open Redirect in elastic (CVE-2016-10365)
vulnerability in elastic (CVE-2016-10365). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-9056 |
|
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.
|
| CVE-2016-1000218 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2016-1000218)
vulnerability in csrf (CVE-2016-1000218). Successful exploitation can lead to full system takeover.
|
| CVE-2016-1000219 |
|
Vulnerability in elastic (CVE-2016-1000219)
vulnerability in elastic (CVE-2016-1000219). Data can be tampered with by attackers. Exploitable via `Authorization header`.
|
| CVE-2016-1000220 |
|
Cross-Site Scripting (XSS) in elastic (CVE-2016-1000220)
cross-site scripting in elastic (CVE-2016-1000220). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-1000221 |
|
Information Disclosure in elastic (CVE-2016-1000221)
vulnerability in elastic (CVE-2016-1000221). Confidential information can be exposed externally. Exploitable via `Authorization header`.
|
| CVE-2016-1000222 |
|
Vulnerability in elastic (CVE-2016-1000222)
vulnerability in elastic (CVE-2016-1000222). Data can be tampered with by attackers.
|
| CVE-2016-10363 |
|
Vulnerability in dos (CVE-2016-10363)
vulnerability in dos (CVE-2016-10363). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-10364 |
|
Vulnerability in elastic (CVE-2016-10364)
vulnerability in elastic (CVE-2016-10364). Confidential information can be exposed externally.
|
| CVE-2017-8450 |
|
Vulnerability in elastic (CVE-2017-8450)
vulnerability in elastic (CVE-2017-8450). Confidential information can be exposed externally.
|
| CVE-2016-10366 |
|
Cross-Site Scripting (XSS) in elastic (CVE-2016-10366)
cross-site scripting in elastic (CVE-2016-10366). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8449 |
|
Vulnerability in elastic (CVE-2017-8449)
vulnerability in elastic (CVE-2017-8449). Confidential information can be exposed externally.
|
| CVE-2017-8451 |
|
Open Redirect in elastic (CVE-2017-8451)
vulnerability in elastic (CVE-2017-8451). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8441 |
|
Vulnerability in elastic (CVE-2017-8441)
vulnerability in elastic (CVE-2017-8441). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8440 |
|
Cross-Site Scripting (XSS) in elastic (CVE-2017-8440)
cross-site scripting in elastic (CVE-2017-8440). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8439 |
|
Cross-Site Scripting (XSS) in elastic (CVE-2017-8439)
cross-site scripting in elastic (CVE-2017-8439). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8438 |
|
Vulnerability in privilege-escalation (CVE-2017-8438)
vulnerability in privilege-escalation (CVE-2017-8438). Successful exploitation can lead to full system takeover.
|