Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / elastic

elastic

237 tracked vulnerabilities.

CVE-2025-68387 MEDIUM

Kibana 7.0.0-7.17.29 - Unauthenticated Cross-Site Scripting via Vega AST Evaluator

CVE-2025-68386 MEDIUM

Kibana 7.0.0-7.17.28 - Authenticated Privilege Escalation via Document Sharing Type Manipulation

CVE-2025-68385 HIGH

Kibana 7.0.0-7.17.29 - Authenticated Cross-Site Scripting via Vega Method

CVE-2025-68388 MEDIUM

Packetbeat 8.6.0-8.19.8 & <7.0.0-alpha2 - DoS via Malicious IPv4 Fragments

CVE-2025-68384 MEDIUM

Elasticsearch 7.0.0-7.17.28 and 8.0.0-8.19.8 - Authenticated Denial of Service via Oversized User Settings Data

CVE-2025-68383 MEDIUM

Filebeat 7.0.0-7.17.28 and 7.7.0-8.19.8 - Denial of Service via Malformed Syslog Message or Dissect Tokenizer Pattern

CVE-2025-37732 MEDIUM

Kibana 7.0.0-7.17.29 - Authenticated Cross-Site Scripting via Integration Package Upload

CVE-2025-37731 MEDIUM

Elasticsearch 7.0.0-7.17.28 and 8.0.0-8.19.7 - User Impersonation via PKI Realm Client Certificate

CVE-2025-37734 MEDIUM

Kibana Observability AI Assistant - Forged Origin Server-Side Request Forgery

CVE-2025-37736 HIGH

Elastic Cloud Enterprise - Privilege Escalation

CVE-2025-37735 HIGH

Elastic Defend - Privilege Escalation

CVE-2025-37729 CRITICAL

Elastic Cloud Enterprise - Info Disclosure

CVE-2025-37727 MEDIUM

Elasticsearch 7.0.0-7.17.28 and 8.0.0-8.18.7 - Sensitive Information Disclosure in Reindex API Audit Logs

CVE-2025-25018 HIGH

Kibana 7.0.0-8.18.8 - Stored Cross-Site Scripting

CVE-2025-25017 HIGH

Kibana 7.0.0-8.18.7 - Cross-Site Scripting

CVE-2025-37728 MEDIUM

Crowdstrike Connector - Info Disclosure

CVE-2025-25009 HIGH

Kibana 7.0.0-8.18.7 - Stored Cross-Site Scripting via Case File Upload

CVE-2025-25010 MEDIUM

Kibana 9.0.0-9.0.5 - Incorrect Authorization via Reporting User Role

CVE-2025-25011 HIGH

Elastic Beats 8.0.0-9.0.2 - Local Privilege Escalation via Insecure Directory Permissions

CVE-2025-0712 HIGH

Elastic APM Server 8.16-8.16.1 and 8.17 - Local Privilege Escalation via Insecure Directory Permissions

CVE-2025-25012 MEDIUM

Kibana 7.0.0-7.17.29 - Open Redirect and Server-Side Request Forgery via Crafted URL

CVE-2025-37730 MEDIUM

Logstash 8.0.0-8.17.5, 8.18.0, 9.0.0 - Improper Certificate Validation in TCP Output

CVE-2025-25014 CRITICAL

Kibana 8.3.0-8.17.5 - Prototype Pollution via Machine Learning and Reporting Endpoints

CVE-2025-25016 MEDIUM

Kibana 7.17.0-7.17.18 - Authenticated Unrestricted File Upload

CVE-2025-25013 MEDIUM

Elastic Defend 8.0.0-8.17.2 - Sensitive Information Exposure via Unfiltered Environment Variables

Previous Page 2 of 10 Next

Products

kibana 103 elasticsearch 47 Kibana 18 logstash 13 elastic_cloud_enterprise 9 x-pack 9 beats 7 Elastic X-Pack Security 6 elastic_agent 5 endpoint_security 5 enterprise_search 5 Logstash 4 Packetbeat 3 apm_agent 3 apm_server 3 APM Server 2 Elastic Defend 2 X-Pack Security 2 apm-server 2 elastic_app_search 2 elastic_beats 2 elastic_cloud_on_kubernetes 2 elasticsearch_x-pack 2 endgame 2 filebeat 2 kibana_x-pack 2 logstash_x-pack 2 Beats 1 Elastic Cloud Enterprise 1 Elastic Package Registry 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy