7 matches found
ALSA-2026:2914 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 grafana/grafana/pkg/services/dashboards: Grafana...
Cross-dashboard privilege escalation via permission management
Grafana is an open-source platform for monitoring and observability. The platform supports creating dashboards, which collate various visualisation panels onto one plane. These can have per-user permissions. If a user has permission management rights on one dashboard, they could edit the...
GHSA-VGMM-27FC-VMGP Maho is Vulnerable to Authenticated Remote Code Execution via File Upload
Summary In Maho 25.7.0, an authenticated staff user with access to the Dashboard and Catalog\Manage Products permissions can create a custom option on a listing with a file input field. By allowing file uploads with a .php extension, the user can use the filed to upload malicious PHP files, gaini...
PT-2025-36514
Name of the Vulnerable Software and Affected Versions: Maho versions prior to 25.9.0 Description: Maho is a free and open source ecommerce platform. An authenticated staff user with access to the Dashboard and CatalogManage Products permissions can create a custom option on a listing with a file...
CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
Grafana 安全漏洞
Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana that stems from a dashboard...
CVE-2024-6354
Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard...