RockyLinux 10 : grafana (RLSA-2026:10223)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:10223 advisory. grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 Tenable has extracted the preceding description block...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

grafana: Grafana: Information disclosure of data-source passwords via public dashboards

A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...

RHEL 9 : grafana (RHSA-2026:10226)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:10226 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana:...

grafana: Grafana: Information disclosure of data-source passwords via public dashboards

A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...

RHEL 10 : grafana (RHSA-2026:10223)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:10223 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana:...

Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 For more details about the security issues, including the impact, a...

ALSA-2026:10226 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 For more details about the security issues, including the impact, a...

ALSA-2026:10223 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 For more details about the security issues, including the impact, a...

CVE-2026-40899 DataEase has an Arbitrary File Read Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...

CVE-2026-40091

A flaw was found in SpiceDB. When SpiceDB starts with log level info, the startup configuration log will expose the full datastore Data Source Name DSN, including the plaintext password. This vulnerability allows an attacker with access to these logs to obtain sensitive database credentials,...

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.20 and earlier contain security vulnerabilities...

CVE-2026-33715

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

CVE-2026-40262

creationtimestamp| type| source ---|---|--- 2026-04-13 19:23:08+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-9pr4-rf97-79qh 2026-04-17 02:48:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjnvxtwwvy26 2026-04-17 03:16:02+00:00| published-proof-of-concept...

EUVD-2026-20858

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

CVE-2026-5848

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

CVE-2026-5848

CVE-2026-5848 affects jeecgboot JimuReport up to version 2.3.0. The vulnerability lies in the Data Source Handler’s testConnection path, specifically the function DriverManager.getConnection, where manipulating the argument dbUrl can lead to code injection. The issue can be exploited remotely and...

PT-2026-31587

Name of the Vulnerable Software and Affected Versions jeecgboot JimuReport versions up to 2.3.0 Description A code injection issue exists in the Data Source Handler component of jeecgboot JimuReport, specifically within the DriverManager.getConnection function located in the...