Lucene search

455 matches found

OSV
added 2025/10/03 7:56 p.m. · 2 views

RLSA-2025:8915 Moderate: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...

CVSS 5.4 · AI score 7.5 · EPSS 0.00294
Exploits 0 · References 2

SUSE Linux
added 2025/09/23 9:4 a.m. · 1 view

Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245401,bsc1245403: docs: provide example3 for PAM and sshpwauth behavior 27 fix: Make hotplug socket writable only by root 25 CVE-2024-11584 fix: Don't attempt to identify non-x86 OpenStack instances LP: 2069607...

CVSS 8.8 · AI score 6.9 · EPSS 0.0013
Exploits 0 · References 58

Vulnrichment
added 2025/09/15 4:4 p.m. · 1 view

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

CVSS 8.7 · AI score 8.2 · EPSS 0.01655
Exploits 1 · References 2

Veracode
added 2025/09/04 8:59 a.m. · 3 views

Improper Access Control

apachesuperset is vulnerable to Improper Access Control. The vulnerability is due to a missing authorization check in the /explore endpoint, which allows an attacker to enumerate datasourceid values and disclose sensitive metadata about protected datasources...

CVSS 6.5 · AI score 6.3 · EPSS 0.00094
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2025/09/02 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-23498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including...

CVSS 8.8 · AI score 7.8 · EPSS 0.00123
Exploits 1 · References 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-24303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. CVE-2020-24303 Note that Nessus relies on the presence of the package...

CVSS 6.1 · AI score 7.2 · EPSS 0.00477
Exploits 0 · References 2

Veracode
added 2025/08/21 7:38 a.m. · 2 views

Improper Input Validation

github.com/grafana/grafana-infinity-datasource is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of allowed URL restrictions, which allows an attacker to bypass configured URL checks using a specially crafted URL...

CVSS 5 · AI score 6.9 · EPSS 0.00173
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2025/08/20 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-16335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different...

CVSS 9.8 · AI score 7.3 · EPSS 0.00669
Exploits 1 · References 2

OSV
added 2025/08/18 8:13 a.m. · 11 views

BIT-SUPERSET-2025-55675 Apache Superset: Incorrect datasource authorization on REST API

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

CVSS 6.5 · AI score 6.5 · EPSS 0.00094
Exploits 0 · References 3

RedhatCVE
added 2025/08/16 1:28 p.m. · 2 views

CVE-2025-55675

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

CVSS 6.5 · AI score 6.4 · EPSS 0.00094
Exploits 0 · References 1

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-33798 Malicious code in spotify-heroic-datasource (npm)

The package spotify-heroic-datasource was found to contain malicious code...

AI score 7.2
Exploits 0

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-38261 Malicious code in vertamedia-clickhouse-datasource (npm)

The package vertamedia-clickhouse-datasource was found to contain malicious code...

AI score 7.2
Exploits 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in vertamedia-clickhouse-datasource (npm)

The package vertamedia-clickhouse-datasource was found to contain malicious code...

AI score 7
Exploits 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in spotify-heroic-datasource (npm)

The package spotify-heroic-datasource was found to contain malicious code...

AI score 7
Exploits 0

Snyk
added 2025/08/14 3:30 p.m. · 3 views

Missing Authorization

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Missing Authorization via the /explore endpoint due to a missing authorization check. An attacker can obtain sensitive metadata about datasources by...

CVSS 6.5 · AI score 6.7 · EPSS 0.00094
Exploits 0 · References 2

Github Security Blog
added 2025/08/14 3:30 p.m. · 7 views

Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

CVSS 6.5 · AI score 6.5 · EPSS 0.00094
Exploits 0 · References 4 · Affected Software 1

OSV
added 2025/08/14 2:15 p.m. · 4 views

CVE-2025-55675

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

CVSS 6.5 · AI score 6.5
Exploits 0 · References 2

NVD
added 2025/08/14 2:15 p.m. · 2 views

CVE-2025-55675

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

CVSS 6.5 · EPSS 0.00094
Exploits 0 · References 2

Vulnrichment
added 2025/08/14 1:18 p.m. · 3 views

CVE-2025-55675 Apache Superset: Incorrect datasource authorization on REST API

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

CVSS 5.3 · AI score 6.5 · EPSS 0.00094
Exploits 0 · References 1

Positive Technologies
added 2025/08/13 12:0 a.m. · 3 views

PT-2025-33274 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0 Description: Apache Superset contains an improper access control issue in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do...

CVSS 6.8 · AI score 5.7 · EPSS 0.00094
Exploits 0 · References 10