CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

Grafana -- Public dashboards discloses all direct mode datasources

https://grafana.com/security/security-advisories/cve-2026-27877 reports: When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-source...

PT-2026-28370

Name of the Vulnerable Software and Affected Versions Versions affected versions not specified Description When using public dashboards and direct data-sources, passwords for direct data-sources are exposed even if they are not actively used in dashboards. Passwords for proxied data-sources are n...

Grafana 安全漏洞

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has security vulnerabilities; these vulnerabilities arise from...

Security update for grafana

This update for grafana fixes the following issues: Security issues fixed: CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled bsc1258136 CVE-2026-21721: Fixed access control by the dashboard permissions API bsc1257337 CVE-2026-21720: Fixed...

RHEL 8 : grafana-pcp (RHSA-2026:3821)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3821 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

Exploit for SQL Injection in Dbgpt Db-Gpt

DBGPT Unauthenticated Information Disclosure & SQL Execution P...

Grafana 安全漏洞

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that stems from a time difference betwe...

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

CVE-2025-41117 XSS in Grafana Explore stack trace

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion

The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs CKGs relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...

Remote Code Execution (RCE)

UmbracoForms is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied WSDL URLs used as data sources, which allows an authenticated attacker to supply a malicious web service definition and execute arbitrary code on the server...

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

CVE-2025-13773

creationtimestamp| type| source ---|---|--- 2025-12-24 05:37:02+00:00| seen| https://infosec.exchange/users/offseq/statuses/115772923621574352 2025-12-24 05:37:03+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mapkafmwk626 2025-12-24 05:45:28+00:00| seen|...

Assessing SIEM effectiveness

A SIEM is a complex system offering broad and flexible threat detection capabilities. Due to its complexity, its effectiveness heavily depends on how it is configured and what data sources are connected to it. A one-time SIEM setup during implementation is not enough: both the organization's...

CVE-2025-64460

creationtimestamp| type| source ---|---|--- 2025-12-02 14:49:11+00:00| seen| https://seclists.org/oss-sec/2025/q4/226 2025-12-02 16:31:29+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m6zekey5zw22 2025-12-02 19:01:50+00:00| seen|...

CVE-2025-13540

creationtimestamp| type| source ---|---|--- 2025-11-27 06:36:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m6lqxlntkn2q 2025-11-27 07:33:58+00:00| seen| https://infosec.exchange/users/offseq/statuses/115620501057288487 2025-11-27 07:34:07+00:00| seen|...