Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016609)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016609 advisory. Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest...

9.8CVSS7.2AI score0.99888EPSS
Exploits1References4
NVD
NVD
added 2026/03/10 7:44 a.m.6 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS0.00253EPSS
Exploits4References2
UbuntuCve
UbuntuCve
added 2026/03/10 12:0 a.m.2 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2026/03/09 9:11 p.m.4 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : grafana-7.5.11-3.el8 (AXSA:2022-3704:04)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3704:04 advisory. grafana: OAuth account takeover CVE-2022-31107 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...

7.5CVSS5.6AI score0.02039EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:59 a.m.31 views

BIT-GRAFANA-2021-39226 Snapshot authentication bypass in grafana

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

9.8CVSS7.1AI score0.99888EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.1 views

SUSE CVE-2021-39226

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

7.3CVSS7.2AI score0.99888EPSS
Exploits1References20
AlmaLinux
AlmaLinux
added 2022/05/10 6:25 a.m.30 views

Low: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana 7.5.11. BZ1993214 Security Fixes: grafana: directory traversal vulnerability CVE-2021-43813 For more details...

4.3CVSS2.7AI score0.57991EPSS
Exploits0References2
NVD
NVD
added 2021/10/05 6:15 p.m.23 views

CVE-2021-39226

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "publicmode" configurati...

9.8CVSS0.99888EPSS
Exploits1References9
Rows per page
Query Builder