448 matches found
PowSyBl 安全漏洞
PowSyBl is an open source framework from PowSyBl, Inc. dedicated to the modeling and simulation of power systems. A security vulnerability exists in PowSyBl versions prior to 6.7.2, which stems from a regular expression denial of service vulnerability in the DataSource mechanism that could lead t...
GHSA-RQPX-F6RC-7HM5 PowSyBl Core contains Polynomial REDoS’es
Impact What kind of vulnerability is it? Who is impacted? This is an advisory for a potential polynomial Regular Expression Denial of Service ReDoS vulnerability in the PowSyBl's DataSource mechanism. When the listNamesString regex method is called on a DataSource, the user-supplied regular...
Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)
The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...
BIT-GRAFANA-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
Grafana's datasource proxy API allows authorization checks to be bypassed
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
GHSA-9J65-RV5X-4VRF Grafana's datasource proxy API allows authorization checks to be bypassed
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
UBUNTU-CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
Grafana’s CVE-2025-3454 affects the datasource proxy API, where an extra slash in the URL path bypasses authorization checks, potentially allowing read access to GET endpoints for Alertmanager and Prometheus datasources. The issue targets route-specific permission implementations and is noted in ...
Authorization Bypass in Datasource Proxy
This vulnerability in Grafana’s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2023-5123
The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...
CVE-2025-45618
Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload...
SUSE CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
org.apache.kylin:kylin-query (=4.0.0-alpha), org.apache.kylin:kylin-spark-engine (=4.0.0-alpha) +4 more potentially affected by CVE-2025-30067 via org.apache.kylin:kylin-datasource-sdk (=4.0.0-alpha)
org.apache.kylin:kylin-datasource-sdk MAVEN version =4.0.0-alpha is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.kylin:kylin-datasource-sdk and may be impacted: - org.apache.kylin:kylin-query =4.0.0-alpha - org.apache.kylin:kylin-spark-engin...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint on another host. Notes: 1 This is only exploitable if the attacker has...
CVE-2024-55604
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...
CVE-2024-55604 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...
CVE-2024-55604 Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...
PT-2025-12805 · Appsmith · Appsmith
Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.51 Description: The issue concerns an information disclosure where users invited as "App Viewer" can access development information of a workspace, specifically getting a list of datasources. This does not expose...