CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2266 matches found

NVD•added 2026/03/27 3:16 p.m.•2 views

CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS0.00198EPSS

Exploits0References1

Cvelist•added 2026/03/27 2:2 p.m.•25 views

CVE-2026-27877 Public dashboards discloses all direct mode datasources

6.5CVSS0.00198EPSS

Exploits0References1

CVE•added 2026/03/27 2:2 p.m.•33 views

CVE-2026-27877

CVE-2026-27877 affects Grafana where, when using public dashboards with direct data-sources, passwords for those data-sources are exposed. The root cause is direct data-source password handling leaking in such dashboards. The advisory recommends converting direct data-sources to proxied data-sour...

7.5CVSS5.8AI score0.00198EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/03/02 12:0 a.m.•5 views

PT-2026-22991

Name of the Vulnerable Software and Affected Versions CocoIndex versions prior to 0.3.34 Description CocoIndex, a data transformation framework for AI, contains a flaw in the Doris target connector. Prior to version 0.3.34, the connector did not validate the configured table name before...

9.8CVSS5.8AI score0.00282EPSS

Exploits0References10

RedhatCVE•added 2026/01/09 8:56 a.m.•5 views

CVE-2023-40033

Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery SSRF attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofi...

7.1CVSS6.8AI score0.00421EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:48 a.m.•4 views

CVE-2025-23173

The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known...

7.5CVSS8.1AI score0.00528EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:17 a.m.•14 views

CVE-2025-1642

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been declared as critical. This vulnerability affects unknown code of the file /AGE0000700/GetImageMedico?fooId=1. The manipulation of the argument fooId leads to improper control of resource identifiers. The attack can be initiat...

7.5CVSS7.1AI score0.00616EPSS

Exploits1References1

Positive Technologies•added 2025/10/24 12:0 a.m.•2 views

PT-2025-43599

Name of the Vulnerable Software and Affected Versions VNPAY Payment gateway plugin for WordPress versions up to and including 1.0.0 Description The VNPAY Payment gateway plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping...

6.1CVSS5.6AI score0.00201EPSS

Exploits0References6