24 matches found
CVE-2026-33462 Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts
A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...
CVE-2026-33462
CVE-2026-33462: Path traversal in Kibana dashboard management allows an authenticated, low-privileged user to craft a dashboard ID that, when deleted by an admin, can be redirected to an unintended endpoint, potentially enabling unauthorized deletion of user accounts or other resources. Affected...
Kibana 8.19.16 and 9.3.5 Security Update (ESA-2026-30)
Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts. A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrat...
Missing Authentication for Critical Function
Overview: ray is a system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Missing Authentication for Critical Function through unauthenticated access to the DELETE endpoints on the Dashboard HTTP server. An attacker can shut...
CVE-2025-34272
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...
EUVD-2025-37219
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...
CVE-2025-34273
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...
CVE-2025-34272 Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...
CVE-2025-34272
Nagios Log Server (pre-2024R2.0.3) has a defect where deleting a user’s configured default dashboard may not fall back reliably to an empty default dashboard, potentially showing an unintended default view. This can lead to information exposure or unintended privilege exposure depending on dashbo...
CVE-2025-34273
CVE-2025-34273 concerns Nagios Log Server prior to 2024R2.0.3, where an incorrect authorization check in the global dashboard deletion workflow allows non-administrator users to delete dashboards, potentially affecting other users and the monitoring UI. Affected product: Nagios Log Server; vulner...
CVE-2025-34273 Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...
PT-2025-44516
Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R2.0.3. Description: The application does not correctly enforce authorization checks for global dashboard deletion, allowing non-administrator users to delete global dashboards. This impacts other users an...
EUVD-2025-4172
Malicious code in bioql PyPI...
EUVD-2023-1734
Malicious code in bioql PyPI...
CVE-2025-26360
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests...
Design/Logic Flaw
DataEase is an open source data visualization and analysis tool. The DataEase API endpoints for deleting dashboards and deleting system messages are vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard or messages or interfering with the...
CVE-2023-32310
CVE-2023-32310 affects DataEase, where the API endpoints for deleting dashboards and deleting system messages are vulnerable to insecure direct object references (IDOR). The flaw could allow a user to delete another user’s dashboard or messages or interfere with marking messages read. Affected ve...