CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1047 matches found

Cvelist•added 2026/04/02 12:0 a.m.•13 views

CVE-2026-25212

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

0.00289EPSS

Exploits1References2

Tenable Nessus•added 2026/04/02 12:0 a.m.•4 views

Grafana 8.1.0 < 11.6.14 / 12.0.0 < 12.1.10 / 12.2.0 < 12.2.8 / 12.3.0 < 12.3.6 / 12.4.0 < 12.4.2 DoS (CVE-2026-28375)

The version of Grafana installed on the remote host is 8.1.x through 11.6.x prior to 11.6.14, 12.0.x through 12.1.x prior to 12.1.10, 12.2.x prior to 12.2.8, 12.3.x prior to 12.3.6, or 12.4.x prior to 12.4.2. It is, therefore, affected by a denial of service vulnerability: - A testdata data-sourc...

6.5CVSS5.9AI score0.00376EPSS

Exploits0References2

Positive Technologies•added 2026/04/02 12:0 a.m.•4 views

PT-2026-29794

9.9CVSS6AI score0.00289EPSS

Exploits1References4

CVE•added 2026/04/02 12:0 a.m.•14 views

CVE-2026-25212

Percona PMM prior to 3.7 is affected. An internal database user with superuser privileges can leverage the pmm-admin authenticated Add data source flow to break out of the database context and run shell commands on the underlying OS. This is evidenced in multiple sources (e.g., Percona release no...

9.9CVSS6AI score0.00289EPSS

Exploits1References2Affected Software1

OSV•added 2026/04/01 8:41 a.m.•3 views

BIT-GRAFANA-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...

6.5CVSS5.9AI score0.00433EPSS

Exploits0References2

OSV•added 2026/04/01 8:41 a.m.•2 views

BIT-GRAFANA-2026-28375 Grafana Testdata datasource can issue unbounded memory allocations

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS

Exploits0References2

SUSE CVE•added 2026/03/31 8:31 a.m.•3 views

SUSE CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00198EPSS

Exploits0References11

SUSE CVE•added 2026/03/31 8:31 a.m.•4 views

SUSE CVE-2026-28375

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS

Exploits0References7

SUSE CVE•added 2026/03/28 12:25 a.m.•6 views

SUSE CVE-2026-33375

6.5CVSS5.9AI score0.00433EPSS

Exploits0References6

RedhatCVE•added 2026/03/27 8:52 p.m.•4 views

CVE-2026-28375

A flaw was found in Grafana. A remote attacker with low privileges could exploit this vulnerability by using a specially crafted testdata data-source. This could trigger out-of-memory crashes, leading to a Denial of Service DoS. Mitigation Mitigation for this issue is either not available or the...

6.5CVSS5.8AI score0.00376EPSS

Exploits0References4

EUVD•added 2026/03/27 3:30 p.m.•1 views

EUVD-2026-16638

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS

Exploits0References2

Snyk•added 2026/03/27 3:28 p.m.•1 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview github.com/grafana/grafana/pkg/api is an open and composable observability and data visualization platform. Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in the public dashboards. An attacker can obtain sensitive...

8.7CVSS5.8AI score0.00198EPSS

Exploits0References2

NVD•added 2026/03/27 3:16 p.m.•2 views

CVE-2026-28375

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS0.00376EPSS

Exploits0References1

UbuntuCve•added 2026/03/27 3:16 p.m.•3 views

CVE-2026-28375

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS

Exploits0References2

OSV•added 2026/03/27 3:16 p.m.•3 views

UBUNTU-CVE-2026-28375

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS

Exploits0References3

CVE•added 2026/03/27 2:26 p.m.•13 views

CVE-2026-28375

CVE-2026-28375 affects Grafana via the testdata data-source, where a flaw permits unbounded memory allocations, leading to out-of-memory crashes. The connected CVE entry confirms the root cause as unbounded allocations by the testdata data-source, resulting in availability impact (OOM) . The prov...

6.5CVSS5.8AI score0.00376EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/03/27 2:26 p.m.•4 views

CVE-2026-28375 Grafana Testdata datasource can issue unbounded memory allocations

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS

Exploits0References1

Snyk•added 2026/03/27 2:26 p.m.•2 views

Allocation of Resources Without Limits or Throttling

Overview github.com/grafana/grafana/pkg/tsdb is a developer testing tool for Grafana. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the testdata data-source. An attacker can cause the application to crash and become unavailable by...

7.1CVSS5.9AI score0.00376EPSS

Exploits0References2