elastic
256 tracked vulnerabilities.
CVE-2025-37732
MEDIUM
Kibana 7.0.0-7.17.29 - Authenticated Cross-Site Scripting via Integration Package Upload
Dec 15, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-37731
MEDIUM
Elasticsearch 7.0.0-7.17.28 and 8.0.0-8.19.7 - User Impersonation via PKI Realm Client Certificate
Dec 15, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-37734
MEDIUM
Kibana Observability AI Assistant - Forged Origin Server-Side Request Forgery
Nov 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-37736
HIGH
Elastic Cloud Enterprise - Privilege Escalation
Nov 07, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-37735
HIGH
Elastic Defend - Privilege Escalation
Nov 06, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-37729
CRITICAL
Elastic Cloud Enterprise - Info Disclosure
Oct 13, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-37727
MEDIUM
Elasticsearch 7.0.0-7.17.28 and 8.0.0-8.18.7 - Sensitive Information Disclosure in Reindex API Audit Logs
Oct 10, 2025
CVSS 5.7
EPSS 0.00
CVE-2025-25018
HIGH
Kibana 7.0.0-8.18.8 - Stored Cross-Site Scripting
Oct 10, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-25017
HIGH
Kibana 7.0.0-8.18.7 - Cross-Site Scripting
Oct 10, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-37728
MEDIUM
Crowdstrike Connector - Info Disclosure
Oct 07, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-25009
HIGH
Kibana 7.0.0-8.18.7 - Stored Cross-Site Scripting via Case File Upload
Oct 07, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-25010
MEDIUM
Kibana 9.0.0-9.0.5 - Incorrect Authorization via Reporting User Role
Aug 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-25011
HIGH
Elastic Beats 8.0.0-9.0.2 - Local Privilege Escalation via Insecure Directory Permissions
Jul 30, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-0712
HIGH
Elastic APM Server 8.16-8.16.1 and 8.17 - Local Privilege Escalation via Insecure Directory Permissions
Jul 30, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-25012
MEDIUM
Kibana 7.0.0-7.17.29 - Open Redirect and Server-Side Request Forgery via Crafted URL
Jun 25, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-37730
MEDIUM
Logstash 8.0.0-8.17.5, 8.18.0, 9.0.0 - Improper Certificate Validation in TCP Output
May 06, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-25014
CRITICAL
Kibana 8.3.0-8.17.5 - Prototype Pollution via Machine Learning and Reporting Endpoints
May 06, 2025
CVSS 9.1
EPSS 0.15
CVE-2025-25016
MEDIUM
Kibana 7.17.0-7.17.18 - Authenticated Unrestricted File Upload
May 01, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-25013
MEDIUM
Elastic Defend 8.0.0-8.17.2 - Sensitive Information Exposure via Unfiltered Environment Variables
Apr 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-25015
CRITICAL
Kibana 8.15.0-8.16.5 and 8.17.1-8.17.2 - Authenticated Remote Code Execution via Prototype Pollution
Mar 05, 2025
CVSS 9.9
EPSS 0.01
CVE-2024-43706
HIGH
Kibana < 8.12.0 - Improper Authorization via Synthetic Monitor Endpoint
Jun 10, 2025
CVSS 7.6
EPSS 0.00
CVE-2024-52979
MEDIUM
Elasticsearch < 7.17.25 - Denial of Service via Mustache Function in Search Templates
May 01, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-52976
MEDIUM
Elastic Agent subprocess - Code Injection
May 01, 2025
CVSS 4.4
EPSS 0.00
CVE-2024-11994
MEDIUM
Elastic APM Server 8.0.0-8.16.0 - Sensitive Information Exposure in Error Logs
May 01, 2025
CVSS 5.7
EPSS 0.00
CVE-2024-11390
MEDIUM
Kibana 7.17.6-7.17.24 - Authenticated Unrestricted Upload of File with Dangerous Type
May 01, 2025
CVSS 5.4
EPSS 0.00
Products
kibana 117
elasticsearch 50
Kibana 32
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
endpoint_security 6
elastic_agent 5
enterprise_search 5
Logstash 4
Elastic Defend 3
Elasticsearch 3
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Fleet Server 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
fleet_server 2
kibana_x-pack 2
logstash_x-pack 2
Quick Filters