BIT-GRAFANA-2023-1410 Stored XSS in Graphite FunctionDescription tooltip

Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have contro...

Apache Linkis 日志信息泄露漏洞

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. Apache Linkis 1.4.0 and earlier versions have a log information disclosure vulnerability, the vulnerability stems...

CVE-2023-5123

The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...

Grafana Security Vulnerabilities

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability that stems from inadequate cleanup of path parameters provided by...

SSRF in CSV Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare hos...

Grafana -- Data source permission escalation

Grafana Labs reports: The vulnerability impacts Grafana Cloud and Grafana Enterprise instances, and it is exploitable if a user who should not be able to access all data sources is granted permissions to create a data source. By default, only organization Administrators are allowed to create a da...

GHSA-R3JC-3QMM-W3PW

creationtimestamp| type| source ---|---|--- 2024-02-07 18:36:49+00:00| seen| https://t.me/ctinow/180888...

The vulnerability of the ImageBuild() function in the software for creating containerized systems called Moby allows a attacker to execute a cache poisoning attack.

The vulnerability of the ImageBuild function in the Moby containerized system creation software is related to a lack of mechanisms for verifying the data source during the processing of endpoints. Exploiting this vulnerability could allow an attacker to execute a cache poisoning attack...

The vulnerability of the LDAP protocol implementation in Mastodon’s web application for deploying distributed social networks allows a hacker to bypass the authentication process.

The vulnerability of the LDAP protocol implementation in Mastodon’s web application for deploying distributed social networks is related to the lack of a mechanism for verifying the source of data. Exploiting this vulnerability allows a malicious actor to bypass the authentication process...

WordPress 5.7.x < 5.7.11 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

WordPress 4.5.x < 4.5.31 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

GHSA-4PWP-CX67-5CPX Grafana Arbitrary File Read

Grafana = 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations...

Grafana Arbitrary File Read

Grafana = 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations...

CVE-2024-0589

Cross-site scripting XSS vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry...

CVE-2024-0589

Cross-site scripting XSS vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry...

Cross site scripting

Cross-site scripting XSS vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry...

CVE-2024-0589

Cross-site scripting XSS vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry...

Devolutions Remote Desktop Manager Cross-Site Scripting Vulnerability

Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2023.3.36 and prior versions, which stems from the presence of a cross-site scripting XS...

CVE-2019-8194

creationtimestamp| type| source ---|---|--- 2024-01-16 16:07:30+00:00| seen| https://t.me/ctinow/168857 2025-08-31 03:01:32+00:00| seen| MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...

CVE-2023-46154

creationtimestamp| type| source ---|---|--- 2024-01-12 13:46:33+00:00| seen| https://t.me/ctinow/167240...