| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-37729 | Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine | Elastic | Elastic Cloud Enterprise (ECE) | Critical | 9.1 | 2025-10-13 13:47:09 | Deep Dive |
| CVE-2025-37727 | Elasticsearch Insertion of sensitive information in log file | Elastic | Elasticsearch | Medium | 5.7 | 2025-10-10 09:56:15 | Deep Dive |
| CVE-2025-25017 | Kibana Stored Cross-Site Scripting (XSS) | Elastic | Kibana | High | 8.2 | 2025-10-10 09:53:26 | Deep Dive |
| CVE-2025-25018 | Kibana Stored Cross-Site Scripting (XSS) | Elastic | Kibana | High | 8.7 | 2025-10-10 09:50:35 | Deep Dive |
| CVE-2025-25009 | Kibana Cross-Site Scripting (XSS) | Elastic | Kibana | High | 8.7 | 2025-10-07 13:59:01 | Deep Dive |
| CVE-2025-37728 | Kibana Insufficiently Protected Credentials in the CrowdStrike Connector | Elastic | Kibana | Medium | 5.4 | 2025-10-07 13:54:50 | Deep Dive |
| CVE-2025-25010 | Kibana privilege escalation via reporting_user role | Elastic | Kibana | Medium | 6.5 | 2025-08-28 15:52:09 | Deep Dive |
| CVE-2025-25011 | Beats Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer | Elastic | Beats | High | 7.0 | 2025-07-30 00:15:43 | Deep Dive |
| CVE-2025-0712 | APM Server Uncontrolled Search Path Element can lead to Local Privilege Escalation (LPE) when using the Windows Installer | Elastic | APM Server | High | 7.0 | 2025-07-30 00:12:44 | Deep Dive |
| CVE-2025-25012 | Kibana Open Redirect | Elastic | Kibana | Medium | 4.3 | 2025-06-25 11:52:54 | Deep Dive |
| CVE-2024-43706 | Kibana Improper Authorization | Elastic | Kibana | High | 7.6 | 2025-06-10 16:59:55 | Deep Dive |
| CVE-2025-28985 | WordPress Elastic Email Subscribe Form plugin <= 1.2.2 - Broken Access Control Vulnerability | Elastic Email | Elastic Email Subscribe Form | Medium | 5.4 | 2025-06-06 12:54:31 | Deep Dive |
| CVE-2025-25014 | Kibana arbitrary code execution via prototype pollution | Elastic | Kibana | Critical | 9.1 | 2025-05-06 17:30:45 | Deep Dive |
| CVE-2025-37730 | Logstash Improper Certificate Validation in TCP output | Elastic | Logstash | Medium | 6.5 | 2025-05-06 17:29:07 | Deep Dive |
| CVE-2024-52979 | Elasticsearch Uncontrolled Resource Consumption vulnerability | Elastic | Elasticsearch | Medium | 6.5 | 2025-05-01 13:13:07 | Deep Dive |
| CVE-2024-11390 | Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS | Elastic | Kibana | Medium | 5.4 | 2025-05-01 13:11:14 | Deep Dive |
| CVE-2025-25016 | Kibana Unrestricted Upload of File | Elastic | Kibana | Medium | 4.3 | 2025-05-01 13:09:17 | Deep Dive |
| CVE-2024-11994 | APM Server Insertion of Sensitive Information into Log File | Elastic | APM Server | Medium | 5.7 | 2025-05-01 13:06:54 | Deep Dive |
| CVE-2024-52976 | Elastic Agent Inclusion of Functionality from Untrusted Control Sphere | Elastic | Elastic Agent | Medium | 4.4 | 2025-05-01 13:03:59 | Deep Dive |
| CVE-2023-46669 | Elastic Agent / Elastic Endpoint Security local API key disclosure | Elastic | Elastic Agent and Elastic Defend | Medium | 6.2 | 2025-05-01 12:59:49 | Deep Dive |