375 matches found
EUVD-2026-30145
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-33380
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-33380
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
UBUNTU-CVE-2026-33380
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-33380
CVE-2026-33380 describes a vulnerability in Grafana’s SQL Expressions feature. An authenticated attacker can read arbitrary files from the Grafana server’s filesystem when the sqlExpressions feature toggle is enabled. The issue affects requests that reach the SQL Expressions component and leverag...
CVE-2026-33380 SQL Expressions Read File From Disk
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-33380
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-33380 SQL Expressions Read File From Disk
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
SQL Expressions Read File From Disk
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server’s filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
PT-2026-40793
Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A flaw in SQL Expressions enables an authenticated attacker to read arbitrary files from the server's filesystem. This issue only affects instances where the sqlExpressions feature toggle is...
CVE-2026-42202
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
EUVD-2022-55976
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page...
CVE-2026-42202
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
EUVD-2026-28835
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
CVE-2026-42202
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
CVE-2026-42202 nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
CVE-2026-42202 nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
CVE-2026-42202
In detail, CVE-2026-42202 affects the laravel package almirhodzic/nova-toggle-5 (Nova toggle feature). Before 1.3.0, the toggle endpoint POST /nova-vendor/nova-toggle/toggle/{resource}/{resourceId} was protected only by web + auth:, allowing any authenticated user on the configured guard—even non...
Laravel Nova 5 Toggle Field 授权问题漏洞
Laravel Nova 5 Toggle Field is a tool developed by Almir Hodzic for quickly toggling boolean values in Laravel Nova 5. Versions of Laravel Nova 5 Toggle Field prior to 1.3.0 had an authorization vulnerability. This vulnerability stemmed from the fact that the endpoint was only protected by web an...
CVE-2026-42236
Summary: CVE-2026-42236 affects n8n, an open source workflow automation platform. The issue is in the MCP OAuth client registration endpoint, which accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could perform a denia...