94 matches found
CVE-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
SUSE CVE-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
grafana -- XSS vulnerability
[email protected] reports: A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does...
ASB-A-346797131
In ParseTag of dngifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-VHXF-7VQR-MRJG vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
GHSA-VHXF-7VQR-MRJG vulnerabilities
Vulnerabilities for packages: grafana-image-renderer, opensearch-dashboards-fips, opensearch-dashboards...
CVE-2025-26791 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
CVE-2025-26791 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer, opensearch-dashboards-fips, opensearch-dashboards...
CVE-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
GHSA-RHX6-C78J-4Q9W vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard, grafana-image-renderer, thingsboard, tileserver-gl, arangodb, sqlpad, tileserver-gl-fips, kubeflow-pipelines, argo-workflows...
BIT-GRAFANA-IMAGE-RENDERER-2022-31176 Grafana Image Renderer leaking files
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
SUSE CVE-2017-7786
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.
Summary Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an...
CVE-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
Design/Logic Flaw
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
CVE-2022-31176 Grafana Image Renderer leaking files
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
CVE-2022-31176 Grafana Image Renderer leaking files
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
CVE-2022-31176 Grafana Image Renderer leaking files
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
CVE-2022-31176
CVE-2022-31176 concerns Grafana Image Renderer, a Grafana backend plugin that renders panels to PNGs via a headless browser. An internal security review identified an unauthorized file disclosure vulnerability: a malicious user could retrieve unauthorized files under certain network conditions or...