CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

RedhatCVE•added 2026/05/27 9:3 a.m.•7 views

CVE-2026-33380

A flaw was found in Grafana. An authenticated attacker can exploit a vulnerability in SQL Expressions to read arbitrary files from the Grafana server's filesystem. This information disclosure is possible only when the sqlExpressions feature toggle is enabled...

6.3CVSS5.9AI score0.00012EPSS

Exploits0References4

OSV•added 2026/05/15 8:42 a.m.•5 views

BIT-GRAFANA-2026-33380 SQL Expressions Read File From Disk

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

6.3CVSS6AI score0.00012EPSS

Exploits0References2

EUVD•added 2026/05/13 9:32 p.m.•4 views

EUVD-2026-30145

6.3CVSS6AI score0.00012EPSS

Exploits0References2

NVD•added 2026/05/13 8:16 p.m.•5 views

CVE-2026-33380

6.3CVSS0.00012EPSS

Exploits0References1

UbuntuCve•added 2026/05/13 8:16 p.m.•3 views

CVE-2026-33380

6.3CVSS5.8AI score0.00012EPSS

Exploits0References2

OSV•added 2026/05/13 8:16 p.m.•1 views

UBUNTU-CVE-2026-33380

6.3CVSS6AI score0.00012EPSS

Exploits0References3

Cvelist•added 2026/05/13 7:28 p.m.•24 views

CVE-2026-33380 SQL Expressions Read File From Disk

6.3CVSS0.00012EPSS

Exploits0References1

ATTACKERKB•added 2026/05/13 7:28 p.m.•5 views

CVE-2026-33380

6.3CVSS6AI score0.00012EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/13 7:28 p.m.•4 views

CVE-2026-33380 SQL Expressions Read File From Disk

6.3CVSS6AI score0.00012EPSS

Exploits0References1

Grafana•added 2026/05/13 12:0 a.m.•3 views

SQL Expressions Read File From Disk

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server’s filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

6.3CVSS6AI score0.00012EPSS

Exploits0

OSV•added 2026/04/01 8:41 a.m.•3 views

BIT-GRAFANA-2026-27880 OpenFeature evaluation API reads input data with no bounds

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

7.5CVSS5.8AI score0.00037EPSS

Exploits0References2

SUSE CVE•added 2026/03/31 8:31 a.m.•4 views

SUSE CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.6AI score0.00186EPSS

Exploits0References6

RedhatCVE•added 2026/03/27 10:42 p.m.•2 views

CVE-2026-27880

A flaw was found in Grafana. A remote attacker can exploit the feature toggle evaluation endpoint by sending unbounded values, causing the system to read excessive data into memory. This can lead to out-of-memory crashes, resulting in a Denial of Service DoS for the affected service. Mitigation...

7.5CVSS5.8AI score0.00037EPSS

Exploits0References4

EUVD•added 2026/03/27 3:30 p.m.•1 views

EUVD-2026-16598

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

7.5CVSS5.8AI score0.00037EPSS

Exploits0References2

NVD•added 2026/03/27 3:16 p.m.•3 views

CVE-2026-27880

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

7.5CVSS0.00037EPSS

Exploits0References1