elastic
256 tracked vulnerabilities.
CVE-2024-12556
HIGH
Kibana 8.16.1-8.16.3 - Prototype Pollution and Code Injection via File Upload and Path Traversal
Apr 08, 2025
CVSS 8.7
EPSS 0.00
CVE-2024-52981
MEDIUM
Elasticsearch 7.17.0-7.17.23 - Denial of Service via Well-KnownText GeometryCollection Recursion
Apr 08, 2025
CVSS 4.9
EPSS 0.01
CVE-2024-52980
MEDIUM
Elasticsearch 7.17.0-8.15.0 - Denial of Service via PatternBank Recursion
Apr 08, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-52974
MEDIUM
Kibana 7.17.0-7.17.23 - Denial of Service via Observability API
Apr 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-43708
MEDIUM
Kibana < 7.17.23 - Denial of Service via Crafted Payload to UI Inputs
Jan 23, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-52975
CRITICAL
Elastic Fleet Server 8.13.0-8.14.2 - Sensitive Information Exposure via Log Files
Jan 23, 2025
CVSS 9.0
EPSS 0.00
CVE-2024-52972
MEDIUM
Kibana < 7.17.23 - Denial of Service via Crafted Request to /api/metrics/snapshot
Jan 23, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-43710
MEDIUM
Kibana 8.7.0-8.14.3 - Server-Side Request Forgery via Fleet Health Check API
Jan 23, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-43707
HIGH
Kibana 8.7.0-8.14.3 - Unauthorized Exposure of Elastic Agent Policy Information
Jan 23, 2025
CVSS 7.7
EPSS 0.00
CVE-2024-52973
MEDIUM
Kibana < 7.17.23 - Denial of Service via /api/log_entries/summary Request
Jan 21, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-43709
MEDIUM
Elasticsearch 7.17.0-7.17.20 - Denial of Service via SQL Function Query
Jan 21, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-37284
MEDIUM
Elastic Defend < - Memory Corruption
Jan 21, 2025
CVSS 5.5
EPSS 0.00
CVE-2024-12539
MEDIUM
Elasticsearch 8.16.0-8.16.1 - Incorrect Authorization Bypass of Document Level Security
Dec 17, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-37285
CRITICAL
Kibana 8.10.0-8.14.2 - Authenticated Remote Code Execution via YAML Deserialization
Nov 14, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-37288
CRITICAL
Kibana - Remote Code Execution via YAML Deserialization in AI Tools Amazon Bedrock Connector
Sep 09, 2024
CVSS 9.9
EPSS 0.01
CVE-2024-37287
CRITICAL
Kibana 7.7.0-7.17.23 - Authenticated Remote Code Execution via Prototype Pollution in ML and Alerting Connector Features
Aug 13, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-37283
MEDIUM
Elastic Agent 8.6.0-8.14.2 - Sensitive Information Disclosure in Debug Logs
Aug 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-37286
MEDIUM
APM Server < 8.14.0 - Sensitive Information Disclosure in Error Logs
Aug 03, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-23444
MEDIUM
Elasticsearch 7.0.0-7.17.22 & 8.0.0-alpha1-8.12.4 - Unencrypted Private Key Storage
Jul 31, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-37281
MEDIUM
Kibana 7.0.0-7.17.23 - Denial of Service via Maliciously Crafted Requests
Jul 30, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-37282
HIGH
Elastic Cloud Enterprise 3.0.0-3.7.1 - Improper Authorization via API Key Privilege Escalation
Jun 28, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-23443
MEDIUM
Kibana 7.0.0-7.17.22 - Authenticated Denial of Service via Malicious Osquery Pack Upload
Jun 19, 2024
CVSS 4.9
EPSS 0.02
CVE-2024-23442
MEDIUM
Kibana < 7.17.22 - Open Redirect via Maliciously Crafted URL
Jun 14, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37280
MEDIUM
Elasticsearch 8.13.1-8.13.9 - Denial of Service via Passthrough Field Mapping
Jun 13, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-37279
MEDIUM
Kibana 8.6.3-8.13.0 - Authenticated Denial of Service via Alerting Rule Run Soon API
Jun 13, 2024
CVSS 4.3
EPSS 0.00
Products
kibana 117
elasticsearch 50
Kibana 32
logstash 13
elastic_cloud_enterprise 9
x-pack 9
beats 7
Elastic X-Pack Security 6
endpoint_security 6
elastic_agent 5
enterprise_search 5
Logstash 4
Elastic Defend 3
Elasticsearch 3
Packetbeat 3
apm_agent 3
apm_server 3
APM Server 2
Fleet Server 2
X-Pack Security 2
apm-server 2
elastic_app_search 2
elastic_beats 2
elastic_cloud_on_kubernetes 2
elasticsearch_x-pack 2
endgame 2
filebeat 2
fleet_server 2
kibana_x-pack 2
logstash_x-pack 2
Quick Filters