1033 matches found
CVE-2026-28375
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
CVE-2026-28375
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
CVE-2026-28375 Grafana Testdata datasource can issue unbounded memory allocations
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
CVE-2026-28375
CVE-2026-28375 affects Grafana via the testdata data-source, where a flaw permits unbounded memory allocations, leading to out-of-memory crashes. The connected CVE entry confirms the root cause as unbounded allocations by the testdata data-source, resulting in availability impact (OOM) . The prov...
Allocation of Resources Without Limits or Throttling
Overview github.com/grafana/grafana/pkg/tsdb is a developer testing tool for Grafana. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the testdata data-source. An attacker can cause the application to crash and become unavailable by...
CVE-2026-28375
A testdata data-source can be used to trigger out-of-memory crashes in Grafana...
CVE-2026-27877
When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...
Grafana 安全漏洞
Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that can lead to a memory insufficiency...
PT-2026-28379
This update fixes the following issues: golang-github-lusitaniae-apache exporter: - Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: - Security issues fixed: CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup bsc1258893 +...
CVE-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33375
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-32949
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
Grafana -- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
https://grafana.com/security/security-advisories/cve-2026-33375 reports: The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33226 Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...
OESA-2026-1691 c3p0 security update
c3p0 is a JDBC driver for extending traditional libraries DriverManager-based libraries with JNDI bindable data sources including data sources, as described in the jdbc3 specification and jdbc2 standard extensions. They implement connections and statement pools. Security Fixes: c3p0 is a JDBC...
CVE-2026-32949
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...