1032 matches found
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-5318
creationtimestamp| type| source ---|---|--- 2026-04-02 06:31:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miilghshxh2q...
Signal K Server 访问控制错误漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0-beta.1 contained a access control vulnerability. This vulnerability stemmed from unverified endpoints allowing modification of data source priorities, which could lea...
PT-2026-29794
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...
CVE-2026-25212
CVE-2026-25212 affects Percona PMM prior to 3.7. An internal database user with superuser privileges can abuse the Add data source feature to break out of the database context and execute shell commands on the underlying OS, as described in Percona PMM release notes for 3.7.0. Exploitation detail...
Grafana 8.1.0 < 11.6.14 / 12.0.0 < 12.1.10 / 12.2.0 < 12.2.8 / 12.3.0 < 12.3.6 / 12.4.0 < 12.4.2 DoS (CVE-2026-28375)
The version of Grafana installed on the remote host is 8.1.x through 11.6.x prior to 11.6.14, 12.0.x through 12.1.x prior to 12.1.10, 12.2.x prior to 12.2.8, 12.3.x prior to 12.3.6, or 12.4.x prior to 12.4.2. It is, therefore, affected by a denial of service vulnerability: - A testdata data-sourc...
BIT-GRAFANA-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
BIT-GRAFANA-2026-28375 Grafana Testdata datasource can issue unbounded memory allocations
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
SUSE CVE-2026-27877
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
SUSE CVE-2026-28375
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
SUSE CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-28375
A flaw was found in Grafana. A remote attacker with low privileges could exploit this vulnerability by using a specially crafted testdata data-source. This could trigger out-of-memory crashes, leading to a Denial of Service DoS. Mitigation Mitigation for this issue is either not available or the...
EUVD-2026-16638
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
Exposure of Private Personal Information to an Unauthorized Actor
Overview github.com/grafana/grafana/pkg/api is an open and composable observability and data visualization platform. Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in the public dashboards. An attacker can obtain sensitive...
CVE-2026-28375
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
UBUNTU-CVE-2026-28375
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
CVE-2026-28375
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...