Lucene search
K

31 matches found

OSV
OSV
added 2026/05/19 12:0 a.m.16 views

ALSA-2026:19134 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/30 6:23 p.m.31 views

CVE-2026-40603 Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS0.00241EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 6:23 p.m.11 views

CVE-2026-40603

Chartbrew CVE-2026-40603 affects Chartbrew 4.9.0, where a legacy /api/project/dashboard/:brewName route exposes a project’s report data to any authenticated member of the same team, bypassing project-level authorization. This allows a low-privileged same-team user to read another project’s dashbo...

6.5CVSS5.4AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2026/04/30 6:23 p.m.3 views

CVE-2026-40603 Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS6AI score0.00241EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from a legacy dashboard routing mechanism that bypasses project-level authorization, returning original...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 12:31 p.m.5 views

EUVD-2026-17363

When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

3.1CVSS5.9AI score0.00161EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.5 views

CVE-2025-10655

SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...

8.6CVSS8AI score0.00486EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-201950

SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...

8.6CVSS7.4AI score0.00486EPSS
Exploits1References4
NVD
NVD
added 2025/12/09 4:17 p.m.6 views

CVE-2025-10655

SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...

8.8CVSS0.00486EPSS
Exploits1References3
CVE
CVE
added 2025/12/09 2:49 p.m.15 views

CVE-2025-10655

CVE-2025-10655 concerns a SQL injection in the Frappe HelpDesk dashboard: get_dashboard_data, caused by unsafe concatenation of user-controlled parameters into dynamic SQL. Affected product/version: Frappe HelpDesk 1.14.0. Reported impact is limited to what the sources describe; no exploitation d...

8.8CVSS7.6AI score0.00486EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 2:49 p.m.4 views

CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data

SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...

8.6CVSS7.6AI score0.00486EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/09 2:49 p.m.43 views

CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data

SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...

8.6CVSS0.00486EPSS
Exploits1References3
OSV
OSV
added 2025/12/09 2:49 p.m.2 views

CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data

SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...

8.6CVSS7.3AI score0.00486EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

Frappe Helpdesk SQL注入漏洞

Frappe Helpdesk is a customer service software from Frappe Open Source. A SQL injection vulnerability exists in Frappe Helpdesk version 1.14.0, which stems from an unsafe connection of a user control parameter in dashboard getdashboarddata to a dynamic SQL statement, which could lead to a SQL...

8.8CVSS7.8AI score0.00486EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.10 views

PT-2025-49978

Name of the Vulnerable Software and Affected Versions Frappe HelpDesk version 1.14.0 Description A SQL injection issue exists in Frappe HelpDesk within the get dashboard data function of the dashboard component. This is due to the unsafe combination of user-supplied data directly into SQL queries...

8.6CVSS7.6AI score0.00486EPSS
Exploits1References5
EUVD
EUVD
added 2025/11/07 5:29 a.m.4 views

EUVD-2025-38235

The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydevnotessavedashboarddata' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS4.5AI score0.00228EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.4 views

WordPress plugin Page & Post Notes 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.1AI score0.00228EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/27 7:46 p.m.3 views

EUVD-2025-36366

Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified in the TurboTenant property listing activation workflow that could allow unauthorized access to...

9.8CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-39923

Malicious code in bioql PyPI...

8.1CVSS7.9AI score0.00576EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-35939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file...

8.1CVSS7.4AI score0.00576EPSS
Exploits0References2
Rows per page
Query Builder