elastic
237 tracked vulnerabilities.
CVE-2025-25015
CRITICAL
Kibana 8.15.0-8.16.5 and 8.17.1-8.17.2 - Authenticated Remote Code Execution via Prototype Pollution
Mar 05, 2025
CVSS 9.9
EPSS 0.01
CVE-2024-43706
HIGH
Kibana < 8.12.0 - Improper Authorization via Synthetic Monitor Endpoint
Jun 10, 2025
CVSS 7.6
EPSS 0.00
CVE-2024-52979
MEDIUM
Elasticsearch < 7.17.25 - Denial of Service via Mustache Function in Search Templates
May 01, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-52976
MEDIUM
Elastic Agent subprocess - Code Injection
May 01, 2025
CVSS 4.4
EPSS 0.00
CVE-2024-11994
MEDIUM
Elastic APM Server 8.0.0-8.16.0 - Sensitive Information Exposure in Error Logs
May 01, 2025
CVSS 5.7
EPSS 0.00
CVE-2024-11390
MEDIUM
Kibana 7.17.6-7.17.24 - Authenticated Unrestricted Upload of File with Dangerous Type
May 01, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-12556
HIGH
Kibana 8.16.1-8.16.3 - Prototype Pollution and Code Injection via File Upload and Path Traversal
Apr 08, 2025
CVSS 8.7
EPSS 0.01
CVE-2024-52981
MEDIUM
Elasticsearch 7.17.0-7.17.23 - Denial of Service via Well-Known Text GeometryCollection Recursion
Apr 08, 2025
CVSS 4.9
EPSS 0.00
CVE-2024-52980
MEDIUM
Elasticsearch 7.17.0-8.15.0 - Denial of Service via PatternBank Recursion
Apr 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-52974
MEDIUM
Kibana 7.17.0-7.17.23 - Denial of Service via Observability API
Apr 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-43708
MEDIUM
Kibana < 7.17.23 - Denial of Service via Crafted Payload to UI Inputs
Jan 23, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-52975
CRITICAL
Elastic Fleet Server 8.13.0-8.14.2 - Sensitive Information Exposure via Log Files
Jan 23, 2025
CVSS 9.0
EPSS 0.00
CVE-2024-52972
MEDIUM
Kibana < 7.17.23 - Denial of Service via Crafted Request to /api/metrics/snapshot
Jan 23, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-43710
MEDIUM
Kibana 8.7.0-8.14.3 - Server-Side Request Forgery via Fleet Health Check API
Jan 23, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-43707
HIGH
Kibana 8.7.0-8.14.3 - Unauthorized Exposure of Elastic Agent Policy Information
Jan 23, 2025
CVSS 7.7
EPSS 0.01
CVE-2024-52973
MEDIUM
Kibana < 7.17.23 - Denial of Service via /api/log_entries/summary Request
Jan 21, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-43709
MEDIUM
Elasticsearch 7.17.0-7.17.20 - Denial of Service via SQL Function Query
Jan 21, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-37284
MEDIUM
Elastic Defend < - Memory Corruption
Jan 21, 2025
CVSS 5.5
EPSS 0.00
CVE-2024-12539
MEDIUM
Elasticsearch 8.16.0-8.16.1 - Incorrect Authorization Bypass of Document Level Security
Dec 17, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-37285
CRITICAL
Kibana 8.10.0-8.14.2 - Authenticated Remote Code Execution via YAML Deserialization
Nov 14, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-37288
CRITICAL
Kibana - Remote Code Execution via YAML Deserialization in AI Tools Amazon Bedrock Connector
Sep 09, 2024
CVSS 9.9
EPSS 0.02
CVE-2024-37287
CRITICAL
Kibana 7.7.0-7.17.23 - Authenticated Remote Code Execution via Prototype Pollution in ML and Alerting Connector Features
Aug 13, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-37283
MEDIUM
Elastic Agent 8.6.0-8.14.2 - Sensitive Information Disclosure in Debug Logs
Aug 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-37286
MEDIUM
APM Server < 8.14.0 - Sensitive Information Disclosure in Error Logs
Aug 03, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-23444
MEDIUM
Elasticsearch 7.0.0-7.17.22 & 8.0.0-alpha1-8.12.4 - Unencrypted Private Key Storage
Jul 31, 2024
CVSS 4.9
EPSS 0.01
Products
kibana 103
elasticsearch 47
Kibana 18
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
elastic_agent 5
endpoint_security 5
enterprise_search 5
Logstash 4
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Elastic Defend 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
kibana_x-pack 2
logstash_x-pack 2
Beats 1
Elastic Cloud Enterprise 1
Elastic Package Registry 1