12172 matches found
CVE-2026-32241
creationtimestamp| type| source ---|---|--- 2026-03-27 21:01:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mi2zas2jg72m 2026-03-27 21:05:34+00:00| seen| https://bsky.app/profile/flarestart.bsky.social/post/3mi2ziec22r25 2026-03-27 21:22:55+00:00| seen|...
CVE-2026-27877
A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...
CVE-2025-15381
creationtimestamp| type| source ---|---|--- 2026-03-27 19:18:40+00:00| published-proof-of-concept| Telegram/1bFqVBg1WZRYib4qCiBn36zcLriGuSpWJXWdU6ZWtzYtM 2026-03-27 19:18:53+00:00| seen| Telegram/aqievDs9oCICHmk4C8wabuGpxUWUtlG5g0Gk9aIz6TfeTOo 2026-03-27 22:15:31+00:00| seen|...
CVE-2026-34369 AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...
CVE-2026-34369 AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...
EUVD-2026-16596
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
GHSA-3Q27-7QJQ-P9C5 Grafana public dashboards disclose all direct mode datasources
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
Grafana public dashboards disclose all direct mode datasources
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
DEBIAN-CVE-2026-33748
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...
CVE-2026-33748
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...
CVE-2026-27877
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
CVE-2026-27877
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
UBUNTU-CVE-2026-27877
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
CVE-2026-27877 Public dashboards discloses all direct mode datasources
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
CVE-2026-27877 Public dashboards discloses all direct mode datasources
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
CVE-2026-27877
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
CVE-2026-27877
CVE-2026-27877 affects Grafana where, when using public dashboards with direct data-sources, passwords for those data-sources are exposed. The root cause is direct data-source password handling leaking in such dashboards. The advisory recommends converting direct data-sources to proxied data-sour...
CVE-2026-27877
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
CVE-2026-33748
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...
CVE-2026-33748
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...