grafana-11.6.14+security04-1.1 on GA media (moderate)

grafana-11.6.14+security04-1.1 on GA media Announcement ID: openSUSE-SU-2026:10932-1 Rating: moderate Cross-References: CVE-2026-28374 CVE-2026-28376 CVE-2026-28379 CVE-2026-28380 CVE-2026-28383 CVE-2026-33376 CVE-2026-33377 CVE-2026-33378 CVE-2026-33380 CVE-2026-33381 CVSS scores: CVE-2026-28374...

CVE-2026-28380 vulnerabilities

Vulnerabilities for packages: grafana...

CVE-2026-28380 vulnerabilities

Vulnerabilities for packages: grafana...

Linux Distros Unpatched Vulnerability : CVE-2026-28380

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Any Editor could delete any snapshot, even if they have no access to read or write them. CVE-2026-28380 Note that Nessus relies on the presence of the package a...

CVE-2026-28380

Any Editor could delete any snapshot, even if they have no access to read or write them...

CVE-2021-28380

The aimeos aka Aimeos shop and e-commerce framework extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account...

EUVD-2022-28380

Malicious code in bioql PyPI...

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

CVE-2025-28380

creationtimestamp| type| source ---|---|--- 2025-06-13 13:33:40+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18293 2025-06-13 15:25:26+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114676749186057555...

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

CVE-2023-28380

Uncontrolled search path for the IntelR AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

CVE-2022-28380

The rc-httpd component through 2022-03-31 for 9front Plan 9 fork allows ..%2f directory traversal if serve-static is used...

CVE-2023-28380

Uncontrolled search path for the IntelR AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

CVE-2023-28380

Uncontrolled search path for the IntelR AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

CVE-2023-28380

Uncontrolled search path for the IntelR AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

CVE-2023-28380

CVE-2023-28380 : Intel® AI Hackathon software prior to version 2.0.0 contains an unsafe/uncontrolled search path that could allow an unauthenticated attacker to escalate privileges over the network. Affected product: Intel AI Hackathon software before 2.0.0. Root cause: uncontrolled search path i...

CVE-2022-28380

creationtimestamp| type| source ---|---|--- 2022-04-03 22:26:57+00:00| seen| https://t.me/cibsecurity/40074...

CVE-2022-28380

The rc-httpd component through 2022-03-31 for 9front Plan 9 fork allows ..%2f directory traversal if serve-static is used...