Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. Th
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where n
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB
Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.
An attacker requires local
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that
could cause exposure of credentials when attacker has access to application on network over
http
Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulati
Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent pol
An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6.
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/_bulk endpoint. This endpoint accepts bulk l
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads t
Page 1+ Next →