31 matches found
ALSA-2026:19134 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of...
CVE-2026-40603 Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2026-40603
Chartbrew CVE-2026-40603 affects Chartbrew 4.9.0, where a legacy /api/project/dashboard/:brewName route exposes a project’s report data to any authenticated member of the same team, bypassing project-level authorization. This allows a low-privileged same-team user to read another project’s dashbo...
CVE-2026-40603 Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
chartbrew 访问控制错误漏洞
Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from a legacy dashboard routing mechanism that bypasses project-level authorization, returning original...
EUVD-2026-17363
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
CVE-2025-10655
SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...
EUVD-2025-201950
SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...
CVE-2025-10655
SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...
CVE-2025-10655
CVE-2025-10655 concerns a SQL injection in the Frappe HelpDesk dashboard: get_dashboard_data, caused by unsafe concatenation of user-controlled parameters into dynamic SQL. Affected product/version: Frappe HelpDesk 1.14.0. Reported impact is limited to what the sources describe; no exploitation d...
CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data
SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...
CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data
SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...
CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data
SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...
Frappe Helpdesk SQL注入漏洞
Frappe Helpdesk is a customer service software from Frappe Open Source. A SQL injection vulnerability exists in Frappe Helpdesk version 1.14.0, which stems from an unsafe connection of a user control parameter in dashboard getdashboarddata to a dynamic SQL statement, which could lead to a SQL...
PT-2025-49978
Name of the Vulnerable Software and Affected Versions Frappe HelpDesk version 1.14.0 Description A SQL injection issue exists in Frappe HelpDesk within the get dashboard data function of the dashboard component. This is due to the unsafe combination of user-supplied data directly into SQL queries...
EUVD-2025-38235
The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydevnotessavedashboarddata' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress plugin Page & Post Notes 安全漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in...
EUVD-2025-36366
Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified in the TurboTenant property listing activation workflow that could allow unauthorized access to...
EUVD-2023-39923
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-35939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file...