
43 matches found

ATTACKERKB
added 2026/06/08 12:05 p.m., 8 views

CVE-2026-7186

Stored cross-site scripting in the URL dashboard widget in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the...

CVSS 8.5, AI score 5.2, EPSS 0.00136
Exploits 0, References 2, Affected Software 1

SUSE Linux
added 2026/03/25 10:31 a.m., 6 views

Security update for grafana

This update for grafana fixes the following issues: Security issues fixed: CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled bsc1258136 CVE-2026-21721: Fixed access control by the dashboard permissions API bsc1257337 CVE-2026-21720: Fixed...

CVSS 8.7, AI score 5.8, EPSS 0.0089
Exploits 1, References 22

OSV
added 2026/03/06 3:51 p.m., 6 views

CLSA-2026-1772812307 grafana: Fix of CVE-2026-21721

CVE-2026-21721: Fix dashboard permissions API; verify target dashboard scope and prevent users with permission-management rights on one dashboard from reading or modifying permissions on other dashboards...

CVSS 8.1, AI score 7.2, EPSS 0.00388
Exploits 1, References 1

RedHat Linux
added 2026/03/02 11:51 a.m., 4 views

grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

An authorization error has been discovered in Grafana dashboards. The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions ...

CVSS 8.1, AI score 5.8, EPSS 0.00388
Exploits 1, References 5

RedHat Linux
added 2026/03/02 11:51 a.m., 8 views

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 8.1, AI score 7.1, EPSS 0.00388
Exploits 1, References 2

OSV
added 2026/02/24 6:56 p.m., 5 views

RLSA-2026:2914 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 grafana/grafana/pkg/services/dashboards: Grafana...

CVSS 8.1, AI score 5.6, EPSS 0.00765
Exploits 5, References 6

OSV
added 2026/02/24 6:54 p.m., 9 views

RLSA-2026:2920 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 grafana/grafana/pkg/services/dashboards: Grafana...

CVSS 8.1, AI score 5.6, EPSS 0.00765
Exploits 5, References 6

Rockylinux
added 2026/02/24 6:54 p.m., 9 views

grafana security update

An update is available for grafana. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor fo...

CVSS 10, AI score 5.7, EPSS 0.00765
Exploits 5

RedHat Linux
added 2026/02/23 11:43 a.m., 7 views

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

CVSS 8.1, AI score 7.1, EPSS 0.00388
Exploits 1, References 2

Tenable Nessus
added 2026/02/23 12:00 a.m., 6 views

RHEL 10 : grafana (RHSA-2026:3078)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3078 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes:...

CVSS 8.1, AI score 7.1, EPSS 0.00388
Exploits 1, References 4

OSV
added 2026/02/20 8:41 a.m., 2 views

BIT-GRAFANA-2026-21721 Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

CVSS 8.1, AI score 5.5, EPSS 0.00388
Exploits 1, References 3

RedHat Linux
added 2026/02/18 11:31 a.m., 8 views

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 10, AI score 6.7, EPSS 0.00765
Exploits 5, References 6

SUSE CVE
added 2026/01/28 12:25 a.m., 3 views

SUSE CVE-2026-21721

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization-internal privilege...

CVSS 8.1, AI score 5.9, EPSS 0.00388
Exploits 1, References 9

Tenable Nessus
added 2026/01/28 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-21721

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has...

CVSS 8.1, AI score 5.5, EPSS 0.00388
Exploits 1, References 2

Snyk
added 2026/01/27 9:49 a.m., 3 views

Incorrect Authorization

Overview github.com/grafana/grafana/pkg/api is an open and composable observability and data visualization platform. Affected versions of this package are vulnerable to Incorrect Authorization via the dashboard permissions API. A user who has management write permissions can gain unauthorized...

CVSS 8.6, AI score 5.9, EPSS 0.00388
Exploits 1, References 2

NVD
added 2026/01/27 9:15 a.m., 4 views

CVE-2026-21721

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

CVSS 8.1, EPSS 0.00388
Exploits 1, References 1

UbuntuCve
added 2026/01/27 9:15 a.m., 2 views

CVE-2026-21721

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

CVSS 8.1, AI score 6.8, EPSS 0.00388
Exploits 1, References 2

OSV
added 2026/01/27 9:15 a.m., 2 views

UBUNTU-CVE-2026-21721

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

CVSS 8.1, AI score 6, EPSS 0.00388
Exploits 1, References 3

EUVD
added 2026/01/27 9:07 a.m., 3 views

EUVD-2026-4820

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

CVSS 8.1, AI score 5.9, EPSS 0.00388
Exploits 1, References 1

Vulnrichment
added 2026/01/27 9:07 a.m., 3 views

CVE-2026-21721 Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

CVSS 8.1, AI score 5.9, EPSS 0.00388
Exploits 1, References 1