Lucene search
K

5 matches found

OSV
OSV
added 2026/06/22 1:18 p.m.3 views

CVE-2026-10601 Path traversal in the Tempo and Loki data source plugins

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 1:18 p.m.162 views

CVE-2026-10601

CVE-2026-10601 affects Grafana Tempo and Loki datasource plugins. The root cause is unsanitized user input interpolated into backend HTTP URL paths, enabling path traversal. A Viewer-role user can (1) retrieve admin-configured datasource credentials via an attacker-controlled endpoint, (2) trigge...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/01/19 3:46 p.m.4 views

Improper Handling of URL Encoding (Hex Encoding)

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Improper Handling of URL Encoding Hex Encoding where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. An...

8.9CVSS5.6AI score0.00457EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.8 views

PT-2025-34134 · Winterchens · My-Site

Name of the Vulnerable Software and Affected Versions: WinterChenS my-site versions through commit 6c79286 2025-06-11 Description: An authentication bypass allows unauthorized access to the /admin/ API without a token. Recommendations: Versions prior to commit 6c79286 2025-06-11 should be updated...

9.8CVSS6.7AI score0.00415EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/20 12:0 a.m.15 views

CVE-2025-50904

There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 2025-06-11. An attacker can exploit this vulnerability to access /admin/ API without any token...

0.00415EPSS
Exploits1References1
Rows per page
Query Builder