520 matches found
CVE-2026-11769
A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...
CVE-2026-13295
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-13295
The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...
EUVD-2026-39955
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panelsdata Parameter in all versions up to, and including, 2.34.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-53056
Name of the Vulnerable Software and Affected Versions Page Builder by SiteOrigin versions prior to 2.34.4 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject arbitrary...
EUVD-2026-36641
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName...
CVE-2026-48764
TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...
The Top 10 Attack Surface Exposures in 2026
Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without...
Duplicate Advisory: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fcw4-wwqm-m8cf. This link is maintained to preserve external references. Original Description We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a...
CVE-2026-11769
We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templating...
CVE-2026-11769 Operator - Namespaced User Path Traversal
We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templating...
CVE-2026-11769
Grafana Operator
CVE-2026-11769 Operator - Namespaced User Path Traversal
We have released version 5.24.0 of the Grafana Operator. This patch includes a MEDIUM severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator. Summary The Grafana Operator supports loading dashboards & library panels using the jsonnet data templating...
Splunk Enterprise 跨站脚本漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Both Splunk Cloud Platform and Splunk...
SUSE CVE-2026-43294
In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...
Siemens SIMATIC HMI Comfort Panels 安全漏洞
Siemens SIMATIC HMI Comfort Panels are touchscreen devices produced by the German company Siemens. There are security vulnerabilities in Siemens SIMATIC HMI Comfort Panels. These vulnerabilities stem from improper restrictions on access to web browsers through the control panel. This allows...
EUVD-2026-28836
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...
CVE-2026-43294
In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...
CVE-2026-43294
In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...
Linux Distros Unpatched Vulnerability : CVE-2026-43294
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b clk: renesas: r9a07g044: Add MSTOP for RZ/G2L we may get...