1040 matches found

RedhatCVE
added 2025/04/23 10:45 a.m. (42 views)

CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5 CVSS, 5.6 AI score, 0.00401 EPSS
Exploits 0, References 1

CNNVD
added 2025/04/23 12:00 a.m. (4 views)

Grafana authorization issue vulnerability

Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. An authorization issue vulnerability exists in Grafana versions prior to 10.4....

5 CVSS, 5.6 AI score, 0.00401 EPSS
Exploits 0, References 4

Positive Technologies
added 2025/04/23 12:00 a.m. (4 views)

PT-2025-17604

Name of the Vulnerable Software and Affected Versions: Grafana version 10.4.0
Description: The issue concerns improper authorization in the Data Source Proxy API.
Recommendations: For Grafana version 10.4.0, update to a version that includes the fix for this issue. At the moment, there is no...

6.8 CVSS, 6.6 AI score, 0.0918 EPSS
Exploits 0, References 101

Circl
added 2025/04/22 9:09 p.m. (20 views)

CVE-2025-31328

creationtimestamp | type | source
---|---|---
2025-04-22 21:09:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lngln3ulrl2c
2025-04-22 22:35:16+00:00 | seen | https://t.me/cvedetector/23541...

4.6 CVSS, 4.8 AI score, 0.00118 EPSS
Exploits 0, References 2

Circl
added 2025/04/14 1:54 p.m. (5 views)

CVE-2025-32913

creationtimestamp | type | source
---|---|---
2025-04-14 13:54:53+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11611
2025-04-14 14:49:38+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114336869784628007
2025-04-14 16:33:37+00:00 | seen | ...

7.5 CVSS, 7.3 AI score, 0.00694 EPSS
Exploits 0, References 4

Circl
added 2025/04/08 10:22 p.m. (3 views)

CVE-2025-30296

creationtimestamp | type | source
---|---|---
2025-04-08 22:22:26+00:00 | seen | https://t.me/cvedetector/22504...

7.8 CVSS, 4.8 AI score, 0.002 EPSS
Exploits 0, References 1

Circl
added 2025/04/08 5:48 p.m. (5 views)

CVE-2025-32018

creationtimestamp | type | source
---|---|---
2025-04-08 17:48:13+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114303598060531170
2025-04-08 19:22:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmd756sgdk2f...

8 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits 0, References 2

Citrix
added 2025/04/02 12:00 a.m. (12 views)

Citrix Director - Unable to retrieve the list of Connections

Citrix Director does not show any 'Connection' information under 'Filters'. There is an error displayed in Director: "Data source unresponsive or reported an error. View Director server event logs for further information Refer Citrix KB article CTX130320" You can also find an event ID 5 logged by...

6.8 AI score
Exploits 0

Snyk
added 2025/03/27 3:31 p.m. (3 views)

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain system or project admin permissions.
Remediation: Upgrade...

7.2 CVSS, 8.2 AI score, 0.00704 EPSS
Exploits 0, References 2

Circl
added 2025/03/27 4:25 a.m. (3 views)

RHSA-2025:2879

creationtimestamp | type | source
---|---|---
2025-03-27 04:25:50+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9006
2025-03-27 04:25:50+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9007
2025-03-27 04:25:51+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9008
2025-03-27 04:25:52+00:00...

5.3 AI score
Exploits 0, References 8

FreeBSD
added 2025/03/25 12:00 a.m. (15 views)

Grafana -- Authorization bypass in data source proxy API

Grafana Labs reports: This vulnerability, which was discovered while reviewing a pull request from an external contributor, affects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character / in the URL path. Among Grafana-maintained data...

8.3 CVSS, 6.5 AI score, 0.0918 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/03/15 1:11 p.m. (18 views)

CVE-2025-1635

Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic...

6.5 CVSS, 6.6 AI score, 0.01585 EPSS
Exploits 0, References 1

Circl
added 2025/03/13 5:45 p.m. (3 views)

CVE-2024-44228

creationtimestamp | type | source
---|---|---
2025-03-13 17:45:03+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7448
2025-10-01 18:11:57+00:00 | seen | MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6
2025-10-08 21:59:29+00:00 | seen | MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6...

7.5 CVSS, 5.3 AI score, 0.00412 EPSS
Exploits 0, References 1

OSV
added 2025/03/13 1:15 p.m. (1 view)

CVE-2025-1635

Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic...

6.5 CVSS, 5.8 AI score, 0.01585 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/03/08 6:07 a.m. (8 views)

CVE-2025-22623

Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php...

5.1 CVSS, 6.8 AI score, 0.00373 EPSS
Exploits 0, References 4

Circl
added 2025/03/08 4:00 a.m. (8 views)

CVE-2021-37787

creationtimestamp | type | source
---|---|---
2025-03-08 04:00:07+00:00 | published-proof-of-concept | Telegram/WK-d7rHew0RoUjunO6vRsF762k6XwiwPjLRMSoANXZ7zahs
2025-03-11 17:39:43+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7183
2025-03-20 21:02:03+00:00 | seen | ...

6.5 CVSS, 4.8 AI score, 0.00306 EPSS
Exploits 0, References 2

Circl
added 2025/03/08 2:35 a.m. (5 views)

CVE-2024-13835

creationtimestamp | type | source
---|---|---
2025-03-08 02:35:24+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/6913
2025-03-08 04:29:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ljtosilano2e
2025-03-08 04:37:51+00:00 | seen | ...

7.2 CVSS, 8.7 AI score, 0.00372 EPSS
Exploits 0, References 3

Circl
added 2025/03/06 7:41 p.m. (12 views)

CVE-2025-2032

creationtimestamp | type | source
---|---|---
2025-03-06 19:41:32+00:00 | seen | https://t.me/cvedetector/19715
2025-08-18 13:31:23+00:00 | seen | MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3
2025-08-19 02:47:43+00:00 | seen | MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3...

5.1 CVSS, 4.4 AI score, 0.00535 EPSS
Exploits 1, References 1

Circl
added 2025/03/04 5:30 a.m. (4 views)

CVE-2025-1905

creationtimestamp | type | source
---|---|---
2025-03-04 05:30:32+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6341
2025-03-04 08:18:31+00:00 | seen | https://t.me/cvedetector/19470
2025-08-18 18:31:00+00:00 | seen | MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7...

6.1 CVSS, 4.4 AI score, 0.00313 EPSS
Exploits 1, References 2

Circl
added 2025/03/04 4:34 a.m. (3 views)

CVE-2025-1902

creationtimestamp | type | source
---|---|---
2025-03-04 04:34:18+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6316
2025-03-04 06:01:30+00:00 | published-proof-of-concept | Telegram/macVH0v7i2nzlHDG3843dn9M-u-r9AI0mgz7c0Lv52YB4Bs
2025-08-19 13:26:46+00:00 | seen | ...

9.8 CVSS, 7.2 AI score, 0.00559 EPSS
Exploits 1, References 1