1047 matches found
CVE-2026-27877
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
PT-2026-28379
Name of the Vulnerable Software and Affected Versions Grafana versions prior to 11.6.14+security01-1.1 Description A testdata data-source can be used to trigger out-of-memory crashes. Recommendations Update to version 11.6.14+security01-1.1...
Grafana 安全漏洞
Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that can lead to a memory insufficiency...
CVE-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-32949
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
Grafana -- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
https://grafana.com/security/security-advisories/cve-2026-33375 reports: The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33226 Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...
OESA-2026-1691 c3p0 security update
c3p0 is a JDBC driver for extending traditional libraries DriverManager-based libraries with JNDI bindable data sources including data sources, as described in the jdbc3 specification and jdbc2 standard extensions. They implement connections and statement pools. Security Fixes: c3p0 is a JDBC...
CVE-2026-32949
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949
SQLBot is vulnerable prior to version 1.7.0 to an SSRF leading to arbitrary local-file reads. An attacker can abuse /api/v1/datasource/check by supplying a forged MySQL data source with extraJdbc="local_infile=1". During connectivity verification, a rogue MySQL server issues a malicious LOAD DATA...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
PT-2026-26556
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
Budibase 代码问题漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase versions 3.30.6 and earlier have code vulnerabilities. These vulnerabilities stem from the fact that the REST data...
PT-2026-26260
A Stored cross-site scripting XSS vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP...
CVE-2026-28791
creationtimestamp| type| source ---|---|--- 2026-03-12 05:09:56+00:00| published-proof-of-concept| https://github.com/tinacms/tinacms/security/advisories/GHSA-5hxf-c7j4-279c 2026-03-12 19:40:05+00:00| seen| https://gist.github.com/alon710/d73d499cf1d6e8d3c3762966f6b93ea2...