| CVE-2015-4165 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Improper Access Control in Elasticsearch |
| CVE-2015-5531 |
medium |
— |
6.0 |
|
|
|
11y ago |
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch |
| CVE-2015-3337 |
medium |
— |
4.3 |
|
|
|
11y ago |
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch |
| CVE-2014-6439 |
medium |
— |
4.3 |
|
|
|
12y ago |
Cross-site scripting in Elasticsearch |
| CVE-2014-3120 |
unknown |
— |
2.5 |
|
|
|
4y ago |
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code. |
| CVE-2015-1427 |
unknown |
— |
2.5 |
|
|
|
4y ago |
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. |
| CVE-2025-37731 |
unknown |
— |
— |
|
|
|
5mo ago |
Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates |
| CVE-2025-37727 |
unknown |
— |
— |
|
|
|
8mo ago |
Elasticsearch: Insertion of Sensitive Information into Log File via reindex API |
| CVE-2024-52979 |
unknown |
— |
— |
|
|
|
1y ago |
Elasticsearch Uncontrolled Resource Consumption Vulnerability |
| CVE-2024-52981 |
unknown |
— |
— |
|
|
|
1y ago |
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion |
| CVE-2024-52980 |
unknown |
— |
— |
|
|
|
1y ago |
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function |
| CVE-2024-43709 |
unknown |
— |
— |
|
|
|
1y ago |
Elasticsearch allocation of resources without limits or throttling leads to crash |
| CVE-2024-12539 |
unknown |
— |
— |
|
|
|
2y ago |
Elasticsearch Incorrect Authorization vulnerability |
| CVE-2024-23444 |
unknown |
— |
— |
|
|
|
2y ago |
Elasticsearch stores private key on disk unencrypted |
| CVE-2023-49921 |
unknown |
— |
— |
|
|
|
2y ago |
Elasticsearch Insertion of Sensitive Information into Log File |
| CVE-2024-37280 |
unknown |
— |
— |
|
|
|
2y ago |
Elasticsearch StackOverflow vulnerability |
| CVE-2024-23449 |
unknown |
— |
— |
|
|
|
2y ago |
Elasticsearch Uncaught Exception leading to crash |
| CVE-2024-23451 |
unknown |
— |
— |
|
|
|
2y ago |
Elasticsearch Incorrect Authorization vulnerability |
| CVE-2024-23450 |
unknown |
— |
— |
|
|
|
2y ago |
Elasticsearch Uncontrolled Resource Consumption vulnerability |
| CVE-2023-46673 |
unknown |
— |
— |
|
|
|
3y ago |
Elasticsearch Improper Handling of Exceptional Conditions |
| CVE-2023-31418 |
unknown |
— |
— |
|
|
|
3y ago |
Elasticsearch vulnerable to Uncontrolled Resource Consumption |
| CVE-2023-31417 |
unknown |
— |
— |
|
|
|
3y ago |
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs |
| CVE-2023-31419 |
unknown |
— |
— |
|
|
|
3y ago |
Elasticsearch vulnerable to stack overflow in the search API |
| CVE-2022-23712 |
unknown |
— |
— |
|
|
|
4y ago |
Improper Check for Unusual or Exceptional Conditions in Elasticsearch |
| CVE-2021-22137 |
unknown |
— |
— |
|
|
|
4y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch |
| CVE-2020-7021 |
unknown |
— |
— |
|
|
|
4y ago |
Insertion of Sensitive Information into Log File in Elasticsearch |
| CVE-2020-7019 |
unknown |
— |
— |
|
|
|
4y ago |
Improper privilege management in elasticsearch |
| CVE-2020-7009 |
unknown |
— |
— |
|
|
|
4y ago |
Improper Privilege Management in Elasticsearch |
| CVE-2019-7619 |
unknown |
— |
— |
|
|
|
4y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch |
| CVE-2019-7614 |
unknown |
— |
— |
|
|
|
4y ago |
Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch |
| CVE-2018-17244 |
unknown |
— |
— |
|
|
|
4y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch |
| CVE-2018-17247 |
unknown |
— |
— |
|
|
|
4y ago |
Improper Restriction of XML External Entity Reference in Elasticsearch |
| CVE-2018-3824 |
unknown |
— |
— |
|
|
|
4y ago |
Elasticsearch subject to cross site scripting |
| CVE-2018-3831 |
unknown |
— |
— |
|
|
|
4y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch |
| CVE-2019-7611 |
unknown |
— |
— |
|
|
|
4y ago |
Improper Access Control in Elasticsearch |
| CVE-2022-23708 |
unknown |
— |
— |
|
|
|
4y ago |
Elasticsearch privilege escalation |
| CVE-2021-22147 |
unknown |
— |
— |
|
|
|
5y ago |
Exposure of sensitive information in Elasticsearch |
| CVE-2021-22144 |
unknown |
— |
— |
|
|
|
5y ago |
Denial of Service in Elasticsearch |
| CVE-2021-22135 |
unknown |
— |
— |
|
|
|
5y ago |
API information disclosure flaw in Elasticsearch |
| CVE-2021-22132 |
unknown |
— |
— |
|
|
|
5y ago |
Insufficiently Protected Credentials in Elasticsearch |
| CVE-2020-7014 |
unknown |
— |
— |
|
|
|
5y ago |
Privilege Escalation Flaw in Elasticsearch |
| CVE-2020-7020 |
unknown |
— |
— |
|
|
|
5y ago |
Privilege Context Switching Error in Elasticsearch |
| CVE-2021-22134 |
unknown |
— |
— |
|
|
|
5y ago |
Exposure of Sensitive Information to an Unauthorized Actor |