PT-2023-4941 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25 Description: The issue is a Stored Cross-Site-Scripting XSS vulnerability that allows an authenticated user to poison data stored in the Cacti database. This data will be viewed by administrative Cacti accounts...

Citrix Director Message: "Cannot Retrieve Data". Error: Data source cannot be found.

Delivery Controller error: The description for Event ID 5 from source Citrix Director Service cannot be found.Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. On...

CVE-2023-3855

creationtimestamp| type| source ---|---|--- 2023-07-24 07:25:46+00:00| seen| https://t.me/cibsecurity/67136...

The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software allow attackers to disclose protected information.

The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software are related to deficiencies in the data source verification mechanism. Exploitation of these vulnerabilities can allow attackers to disclose protected information...

Grafana -- Grafana DS proxy race condition

Grafana Labs reports: We have discovered a vulnerability with Grafana’s data source query endpoints that could end up crashing a Grafana instance. If you have public dashboards PD enabled, we are scoring this as a CVSS 7.5 High. If you have disabled PD, this vulnerability is still a risk, but...

Grafana 安全漏洞

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus and so on. A security vulnerability exists in Grafana versions prior to 9.4.12, 9.5.3, and 9.5.3, which...

grafanaplugin 命令注入漏洞

grafanaplugin is a TDengine data source plugin for grafana. A command injection vulnerability exists in grafanaplugin, which can be exploited by an attacker to execute arbitrary code...

CVE-2023-33963 DataEase data source has deserialization vulnerability

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

Contributors will be unable to fund a project if UNISWAP token swapping is recommended over minting in JBXBuybackDelegate data source

Lines of code Vulnerability details Impact A core function of the juice-buyback contract, which is to maximise the project tokens received by the contributor, won't work whenever a swap from Uniswap V3 pool provides more tokens over minting because the transaction will revert. This can cause the...

CVE-2023-31847

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side...

CVE-2023-31847

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side...

Advanced Custom Fields Pro for WordPress 6.0.x < 6.1.6 Cross-Site Scripting

The WordPress Advanced Custom Fields Pro Plugin installed on the remote host is affected by a Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

PT-2023-23487 · Oracle · Mysql Server

Name of the Vulnerable Software and Affected Versions: davinci version 0.3.0-rc Description: The issue allows a user to connect to a malicious MySQL server after logging in, by controlling the data source. This can lead to reading arbitrary files on the client side. Recommendations: For davinci...

CVE-2023-31847

Affects davinci 0.3.0-rc. After login, a user can connect to a malicious MySQL server by abusing data-source control to read arbitrary files on the client side. Impact: confidentiality high; exploitation not described in detail. No patch information is provided in the sources; a workflow-based wo...

Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect

SecVulList-Veraxy00 Let’s share some vulnerabilities I’ve id...

RESTEasy: creation of insecure temp files

In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...

Grafana Information Disclosure Vulnerability (CNVD-2023-36311)

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus and so on. Grafana suffers from an information disclosure vulnerability that stems from the ability to...

CVE-2023-1387

Grafana CVE-2023-1387 concerns a JWT leakage via the URL token auth_token when the url_login option is enabled (enabled by default? not specified here). Starting with Grafana 9.1, a JWT may be sent to data sources, potentially allowing an attacker with access to the data source to reuse the leake...

Grafana 安全漏洞

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus and so on. Grafana suffers from an information disclosure vulnerability that stems from the ability to...

CVE-2023-2006

creationtimestamp| type| source ---|---|--- 2023-04-25 00:19:38+00:00| seen| https://t.me/cibsecurity/62772 2025-08-31 03:01:27+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...