CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

141 matches found

CVE-2026-10601

A flaw was found in the Tempo and Loki datasource plugins. A remote attacker with a Viewer role could exploit a path traversal vulnerability by manipulating user-supplied input in URL paths. This could allow the attacker to capture sensitive administrator-configured datasource credentials, invoke...

5.4CVSS5.9AI score0.00255EPSS

Exploits0References4

EUVD•added 2 days ago•6 views

EUVD-2026-38242

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.9AI score0.00255EPSS

Exploits0References1

CVE•added 2 days ago•60 views

CVE-2026-10601

CVE-2026-10601 affects Grafana Tempo and Loki datasource plugins. The root cause is unsanitized user input interpolated into backend HTTP URL paths, enabling path traversal. A Viewer-role user can (1) retrieve admin-configured datasource credentials via an attacker-controlled endpoint, (2) trigge...

5.4CVSS5.9AI score0.00255EPSS

Exploits0References1

Cvelist•added 2 days ago•29 views

CVE-2026-42129 Path Traversal in Loki Datasource leads to Internal Information Disclosure

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS0.00316EPSS

Exploits0References1

AlpineLinux•added 2 days ago•5 views

CVE-2026-42129

7.7CVSS5.9AI score0.00316EPSS

Exploits0

RedhatCVE•added 2026/05/27 8:45 a.m.•6 views

CVE-2026-28379

A flaw was found in Grafana Live, where a race condition allows authenticated users with a Viewer role to trigger a server crash. By sending concurrent requests, these users can cause a fatal map access error, leading to complete service unavailability Denial of Service. This requires a restart o...

6.5CVSS5.7AI score0.00262EPSS

Exploits0References4

Tenable Nessus•added 2026/05/27 12:0 a.m.•7 views

FreeBSD : Grafana -- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS (9bcc3279-5901-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcc3279-5901-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-33375 reports: The Grafana MSSQL data source...

6.5CVSS5.8AI score0.00434EPSS

Exploits0References3

OSV•added 2026/05/15 8:42 a.m.•3 views

BIT-GRAFANA-2026-28379 Viewer-triggered race condition in Grafana Live leads to complete server crash

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5CVSS5.8AI score0.00262EPSS

Exploits0References2

EUVD•added 2026/05/13 9:32 p.m.•45 views

EUVD-2026-30139

6.5CVSS5.8AI score0.00262EPSS

Exploits0References2

UbuntuCve•added 2026/05/13 8:16 p.m.•6 views

CVE-2026-28379

6.5CVSS5.8AI score0.00262EPSS

Exploits0References2

OSV•added 2026/05/13 8:16 p.m.•4 views

UBUNTU-CVE-2026-28379

6.5CVSS5.8AI score0.00262EPSS

Exploits0References3

Cvelist•added 2026/05/13 7:28 p.m.•27 views

CVE-2026-28379 Viewer-triggered race condition in Grafana Live leads to complete server crash

6.5CVSS0.00262EPSS

Exploits0References1

AlpineLinux•added 2026/05/13 7:28 p.m.•7 views

CVE-2026-28379

6.5CVSS5.8AI score0.00262EPSS

Exploits0References1

CVE•added 2026/05/13 7:28 p.m.•23 views

CVE-2026-28379

Grafana Live contains a race condition that can be triggered by authenticated users with the Viewer role. Concurrent requests lead to a fatal map access error, causing complete Grafana server unavailability and requiring a restart. Public details are limited to the description; no explicit exploi...

6.5CVSS5.8AI score0.00262EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/05/13 7:28 p.m.•6 views

CVE-2026-28379 Viewer-triggered race condition in Grafana Live leads to complete server crash

6.5CVSS5.8AI score0.00262EPSS

Exploits0References1

CNNVD•added 2026/05/13 12:0 a.m.•8 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from a race condition in Live. This condition may allow authenticated users with the Viewer role to trigger a fatal mapping access error by sending concurrent...

6.5CVSS5.8AI score0.00262EPSS

Exploits0References1

Grafana•added 2026/05/13 12:0 a.m.•9 views

Viewer-triggered race condition in Grafana Live leads to complete server crash

6.5CVSS5.8AI score0.00262EPSS

Exploits0

OSV•added 2026/04/13 5:38 a.m.•5 views

BIT-AIRFLOW-2026-34538 Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

6.5CVSS6AI score0.00685EPSS

Exploits0References4