116 matches found
Grafana 11.6.0 - SSRF
Exploit Title: Grafana 11.6.0 - SSRF FOFA: app="Grafana" Date: 2-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download Version: 11.2.0 - 11.6.0 CVE: CVE-2025-4123 Description: An SSRF Server-Side Request Forgery...
Oracle Linux 9 : grafana (ELSA-2026-6382)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6382 advisory. - Resolves RHEL-158728: CVE-2026-25679 - Resolves RHEL-144959: CVE-2026-21721 - Resolves RHEL-146863: CVE-2025-61726 - Resolves RHEL-147081: CVE-2025-61729 -...
Advisory ROSA-SA-2026-3252
software: grafana 12.1.8 WASP: ROSA-CHROME unaffected versions = grafana-12.1.8-1 affected versions 3s, timeout and permanently block on sending to an unbuffered channel, resulting in linear growth of goroutines and memory exhaustion. CVE-STATUS: The vulnerability has been resolved CVE-REV: To...
Oracle Linux 9 : grafana (ELSA-2026-2920)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2920 advisory. - Resolves RHEL-144959: CVE-2026-21721 - Resolves RHEL-146863: CVE-2025-61726 - Resolves RHEL-147081: CVE-2025-61729 - Resolves RHEL-147370:...
EUVD-2026-4123
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through = 5.3.5...
MiracleLinux 8 : grafana-9.2.10-23.el8_10 (AXSA:2025-9968:05)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9968:05 advisory. grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 Tenable has extracted the preceding description bloc...
MiracleLinux 9 : grafana-10.2.6-13.el9_6 (AXSA:2025-10490:11)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10490:11 advisory. grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 Tenable has extracted the preceding description blo...
CVE-2009-4123
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...
CVE-2022-4123 affecting package podman for versions less than 5.6.1-2
CVE-2022-4123 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
EUVD-2020-4123
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-4123
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect user...
RLSA-2025:7894 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 For more details about the security issues, including the impact, ...
Oracle Linux 10 : grafana (ELSA-2025-7475)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7475 advisory. - Resolves RHEL-89943: CVE-2025-4123 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
Oracle Linux 10 : grafana (ELSA-2025-8666)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8666 advisory. - Resolves RHEL-89943: CVE-2025-4123 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
Oracle Linux 10 : grafana (ELSA-2025-7892)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7892 advisory. - Resolves RHEL-89943: CVE-2025-4123 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
SUSE SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2025:01991-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01991-1 advisory. grafana was updated from version 10.4.15 to 11.5.5 jscPED-12918: - Security issues fixed: CVE-2025-4123: Fix cross-site scriptin...
SUSE SLES12 Security Update : Multi-Linux Manager Client Tools (SUSE-SU-2025:01987-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01987-1 advisory. golang-github-prometheus-prometheus was updated to version 2.53.4: - Security issues fixed: CVE-2023-45288: Require Go = 1.23 for building...
RHEL 9 : grafana (RHSA-2025:8681)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8681 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site...
RHEL 8 : grafana (RHSA-2025:8683)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8683 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 10.4.15 to 11.5.5 jscPED-12918: Security issues fixed: CVE-2025-4123: Fix cross-site scripting vulnerability bsc1243714. CVE-2025-22872: Bump golang.org/x/net/html bsc1241809 CVE-2025-3580: Prevent unauthorized...