Lucene search
+L

94 matches found

OSV
OSV
added 2025/05/22 7:44 a.m.3 views

CVE-2025-4123

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6CVSS5.6AI score0.97999EPSS
Exploits6References5
SUSE CVE
SUSE CVE
added 2025/05/21 12:51 a.m.4 views

SUSE CVE-2025-4123

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6CVSS5.6AI score0.97999EPSS
Exploits6References7
Grafana
Grafana
added 2025/05/21 12:0 a.m.12 views

Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6CVSS7.4AI score0.97999EPSS
Exploits6
FreeBSD
FreeBSD
added 2025/04/26 12:0 a.m.10 views

grafana -- XSS vulnerability

[email protected] reports: A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does...

7.6CVSS7AI score0.97999EPSS
Exploits6References1
OSV
OSV
added 2025/04/01 12:0 a.m.30 views

ASB-A-346797131

In ParseTag of dngifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS7.2AI score0.00292EPSS
Exploits0References2
Wolfi
Wolfi
added 2025/02/14 9:31 a.m.6 views

GHSA-VHXF-7VQR-MRJG vulnerabilities

Vulnerabilities for packages: grafana-image-renderer...

5.2AI score
Exploits0
Chainguard
Chainguard
added 2025/02/14 9:31 a.m.6 views

GHSA-VHXF-7VQR-MRJG vulnerabilities

Vulnerabilities for packages: grafana-image-renderer, opensearch-dashboards-fips, opensearch-dashboards...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2025/02/14 9:15 a.m.23 views

CVE-2025-26791 vulnerabilities

Vulnerabilities for packages: grafana-image-renderer...

6.1CVSS6.2AI score0.00583EPSS
Exploits1
Chainguard
Chainguard
added 2025/02/14 9:15 a.m.18 views

CVE-2025-26791 vulnerabilities

Vulnerabilities for packages: grafana-image-renderer, opensearch-dashboards-fips, opensearch-dashboards...

6.1CVSS6.2AI score0.00583EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 8:24 p.m.7 views

CVE-2022-31176

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3CVSS6.7AI score0.00903EPSS
Exploits0References1
Chainguard
Chainguard
added 2024/12/05 10:40 p.m.11 views

GHSA-RHX6-C78J-4Q9W vulnerabilities

Vulnerabilities for packages: kubeflow-centraldashboard, grafana-image-renderer, thingsboard, tileserver-gl, arangodb, sqlpad, tileserver-gl-fips, kubeflow-pipelines, argo-workflows...

5.3AI score
Exploits0
OSV
OSV
added 2024/03/06 10:52 a.m.27 views

BIT-GRAFANA-IMAGE-RENDERER-2022-31176 Grafana Image Renderer leaking files

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3CVSS7.8AI score0.00903EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.4 views

SUSE CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

7.5CVSS9.3AI score0.04187EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/15 9:13 a.m.77 views

Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an...

9.8CVSS9.4AI score0.99298EPSS
Exploits63Affected Software1
NVD
NVD
added 2022/09/02 9:15 p.m.31 views

CVE-2022-31176

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3CVSS0.00903EPSS
Exploits0References3
Prion
Prion
added 2022/09/02 9:15 p.m.18 views

Design/Logic Flaw

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

5.5CVSS7.7AI score0.00903EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/02 12:0 a.m.7 views

CVE-2022-31176 Grafana Image Renderer leaking files

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3CVSS8AI score0.00903EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/02 12:0 a.m.38 views

CVE-2022-31176 Grafana Image Renderer leaking files

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3CVSS8.1AI score0.00903EPSS
Exploits0References3
OSV
OSV
added 2022/09/02 12:0 a.m.19 views

CVE-2022-31176 Grafana Image Renderer leaking files

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3CVSS7.9AI score0.00903EPSS
Exploits0References5
CVE
CVE
added 2022/09/02 12:0 a.m.154 views

CVE-2022-31176

CVE-2022-31176 concerns Grafana Image Renderer, a Grafana backend plugin that renders panels to PNGs via a headless browser. An internal security review identified an unauthorized file disclosure vulnerability: a malicious user could retrieve unauthorized files under certain network conditions or...

8.3CVSS7.8AI score0.00903EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder