923 matches found
CVE-2026-55880
OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit functions use: notes.delete filtered only on note id and project id, while dashboards.updatewidget an...
GHSA-22P9-WV53-3RQ4 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
CVE-2026-48801 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
CVE-2024-1899 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-RMMH-P597-PPVV vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
CVE-2026-28378
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...
CVE-2026-55647
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...
CVE-2026-28378 Cross-Organization Public Dashboard Deletion via Missing Org Isolation
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...
CVE-2026-28378
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...
CVE-2026-28378
The CVE-2026-28378 entry describes a vulnerability in Grafana where the public dashboard deletion endpoint does not enforce organization isolation. An Org Admin in one organization can delete public dashboards belonging to another organization by supplying the target dashboard identifiers. Impact...
CVE-2026-55647
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...
PT-2026-56258
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The public dashboard deletion endpoint does not enforce organization isolation. This allows an Org Admin from one organization to delete public dashboards...
GHSA-G27C-Q7CP-MHX6 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
CVE-2026-9673 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
GHSA-G27C-Q7CP-MHX6 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
CVE-2026-9673 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
GHSA-FGMJ-FM8M-JVVX vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
CVE-2026-45249 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, opensearch-dashboards...
GHSA-FGMJ-FM8M-JVVX vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
CVE-2026-45249 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...