Lucene search
K

4 matches found

Cvelist
Cvelist
added last week26 views

CVE-2026-28378 Cross-Organization Public Dashboard Deletion via Missing Org Isolation

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS0.00136EPSS
Exploits0References1
NVD
NVD
added 2025/10/30 10:15 p.m.4 views

CVE-2025-34277

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

9.8CVSS0.01965EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 9:25 p.m.2 views

CVE-2025-34277 Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashboard ID

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

9.4CVSS8AI score0.01965EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/06/05 12:0 a.m.14 views

PT-2020-12784 · Comodo +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.7.0 iTop essential and iTop professional versions prior to 2.6.4 Description: The issue allows dashboard ids to be exploited with a reflective XSS payload. Recommendations: For versions prior to 2.7.0, update to versi...

9.8CVSS6.7AI score0.25573EPSS
Exploits11References64
Rows per page
Query Builder