Lucene search
+L

80 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016686 advisory. Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a...

8.5CVSS7.3AI score0.01191EPSS
Exploits0References4
OSV
OSV
added 2026/04/01 8:41 a.m.12 views

BIT-GRAFANA-2026-27876 RCE on Grafana via sqlExpressions

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.6AI score0.01929EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in...

9.1CVSS6.4AI score0.01929EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:48 p.m.3 views

CVE-2026-27876

A flaw was found in Grafana and the Grafana Enterprise plugin. A remote attacker could exploit a chained attack involving SQL Expressions and the Grafana Enterprise plugin to achieve remote arbitrary code execution. This vulnerability is present in instances where the sqlExpressions feature toggl...

9.1CVSS6.2AI score0.01929EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/27 3:16 p.m.4 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.7AI score0.01929EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:24 p.m.5 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.5AI score0.01929EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 2:24 p.m.42 views

CVE-2026-27876 RCE on Grafana via sqlExpressions

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS0.01929EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/03/27 2:24 p.m.6 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS7.1AI score0.01929EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/12/03 1:44 p.m.299 views

Exploit for CVE-2025-41115

Grafana SCIMalform CVE-2025-41115 Overview This re...

10CVSS6.8AI score0.17653EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.9 views

Grafana Enterprise SCIM Provisioning Privilege Escalation (CVE-2025-41115)

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...

10CVSS6.1AI score0.17653EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.11 views

PT-2025-47560

Name of the Vulnerable Software and Affected Versions Grafana versions 12.0.0 through 12.2.1 Grafana versions 12.0.6, 12.1.3, 12.1.4, 12.2.1, and 12.3.0 Description A critical vulnerability exists in Grafana Enterprise versions 12.x related to the System for Cross-domain Identity Management SCIM...

10CVSS5.9AI score0.17653EPSS
Exploits1References93
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-18144

Malware in sbrugna...

5.5CVSS5.6AI score0.00277EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2021-14846

Malware in sbrugna...

7.5CVSS7.6AI score0.03497EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2021-14845

Malware in sbrugna...

6.5CVSS6.8AI score0.0161EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-14844

Malware in sbrugna...

6.5CVSS6.6AI score0.01397EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2021-14680

Malware in sbrugna...

7.1CVSS6.9AI score0.02068EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-33102

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.0108EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-33572

Malicious code in bioql PyPI...

8.5CVSS8.8AI score0.01191EPSS
Exploits0References6
Hacker One
Hacker One
added 2025/08/05 1:15 p.m.9 views

U.S. Dept Of Defense: CVE‑2025‑4123 — Grafana Open Redirect → Stored XSS → SSRF (Full Read) at ██████

A vulnerability, identified as CVE-2025-4123, was discovered in Grafana OSS and Enterprise versions 8.x through 12.x. The vulnerability allowed unauthenticated attackers to chain multiple flaws, including an open redirect through path traversal in the public redirect handler, stored cross-site...

7.6CVSS6.2AI score0.97999EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2025/05/23 1:16 a.m.11 views

CVE-2022-29170

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and...

8.5CVSS6.6AI score0.01191EPSS
Exploits0References1
Rows per page
Query Builder