Lucene search
K

38 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-48948

Malicious code in bioql PyPI...

5.1CVSS7AI score0.00579EPSS
Exploits0References1
OSV
OSV
added 2025/04/14 11:12 a.m.206 views

BIT-GRAFANA-2024-8118 Grafana alerting wrong permission on datasource rule write endpoint

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

5.1CVSS6.6AI score0.00579EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/11/15 3:41 p.m.22 views

LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input i...

4.8CVSS7.3AI score0.00314EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/10/02 12:0 a.m.22 views

Grafana Labs Incorrect Permission (cve-2024-8118)

The version of Grafana Labs installed on the remote host is prior to 10.3.10, 10.4.9, 11.0.5, 11.1.6, or 11.2.1. It is, therefore, affected by a vulnerability as referenced in the cve-2024-8118 advisory. - In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing...

5.1CVSS6.9AI score0.00579EPSS
Exploits0References2
NVD
NVD
added 2024/09/26 7:15 p.m.18 views

CVE-2024-8118

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

5.1CVSS0.00579EPSS
Exploits0References1
OSV
OSV
added 2024/09/26 7:15 p.m.4 views

UBUNTU-CVE-2024-8118

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

5.1CVSS7.3AI score0.00579EPSS
Exploits0References3
CVE
CVE
added 2024/09/26 6:46 p.m.6483 views

CVE-2024-8118

Grafana vulnerability CVE-2024-8118: The alert rule write API endpoint uses incorrect permissions, allowing users who can write external alert instances to also write alert rules. This is the same issue described in BIT-GRAFANA-2024-8118 and OSV entries, which confirm the description but do not p...

5.1CVSS6.5AI score0.00579EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2024/09/26 6:46 p.m.25 views

CVE-2024-8118

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

5.1CVSS7.2AI score0.00579EPSS
Exploits0
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.4 views

Grafana 安全漏洞

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana suffers from a security vulnerability that stems from incorrect...

5.1CVSS7AI score0.00579EPSS
Exploits0References3
Grafana
Grafana
added 2024/09/26 12:0 a.m.15 views

Grafana alerting wrong permission on datasource rule write endpoint

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules. This vulnerability first appeared in Grafana v8.5.0, and is fixed in v11.2.1, v11.1.6, v11.0.5, v10.4.9, and v10.3.10...

5.1CVSS5.8AI score0.00579EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.6 views

PT-2024-6552 · Grafana +3 · Grafana +3

Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified Description: The issue is related to the wrong permission being applied to the alert rule write API endpoint in Grafana. This allows users with permission to write external alert instances to also write...

9.9CVSS7.5AI score0.97781EPSS
Exploits13References110
RedhatCVE
RedhatCVE
added 2022/03/21 4:34 p.m.65 views

CVE-2022-23709

A flaw was found in Kibana. This issue allows users with read access to the Uptime feature to modify alerting rules, allowing them to create new or overwrite existing ones. However, any rules created this way are not enabled by default and allow the user to disable an existing, enabled alert rule...

4.3CVSS2.9AI score0.00544EPSS
Exploits0References4
Huntr
Huntr
added 2022/02/18 1:27 p.m.20 views

Cross-site Scripting (XSS) - Stored

Stored-xss is possible when adding a rule. Create a new Alert Rule like below and adjust the query like below with the following payload " Save the rule and see a xss-pop up...

3.5CVSS1.4AI score0.00613EPSS
Exploits1
CNVD
CNVD
added 2019/09/03 12:0 a.m.5 views

LibreNMS Cross-Site Scripting Vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts , auto-discovery of the network environment and automatic updates . A cross-site scripting vulnerability exists in the Create User Inventory Add Device Notifications Alert Rule...

5.4CVSS6.5AI score0.00644EPSS
Exploits1References1
Cisco Threats
Cisco Threats
added 2017/04/07 12:52 p.m.9 views

Threat Outbreak Alert RuleID28668: Email Messages Distributing Malicious Software on April 7, 2017

Medium Alert ID: 53368 First Published: 2017 April 7 12:52 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28668 may contain the following files: Name | Siz...

0.1AI score
Exploits0
Cisco Threats
Cisco Threats
added 2017/03/23 4:0 p.m.14 views

Threat Outbreak Alert RuleID28352: Email Messages Distributing Malicious Software on March 23, 2017

Medium Alert ID: 53137 First Published: 2017 March 23 16:00 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28352 may contain the following files: Name | Si...

0.2AI score
Exploits0
Cisco Threats
Cisco Threats
added 2017/03/16 1:17 p.m.16 views

Threat Outbreak Alert RuleID28311: Email Messages Distributing Malicious Software on March 16, 2017

Medium Alert ID: 53046 First Published: 2017 March 16 13:17 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28311 may contain the following files: Name | Si...

0.1AI score
Exploits0
Cisco Threats
Cisco Threats
added 2015/11/02 11:26 p.m.15 views

Threat Outbreak Alert RuleID18893: Email Messages Distributing Malicious Software on November 2, 2015

Medium Alert ID: 41891 First Published: 2015 November 2 23:26 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18893KVR may contain the following files: Name...

0.3AI score
Exploits0
Rows per page
Query Builder