Lucene search
+L

387 matches found

Circl
Circl
added 2026/05/21 5:47 p.m.12 views

CVE-2026-28910

creationtimestamp| type| source ---|---|--- 2026-05-21 17:47:19+00:00| seen| https://infosec.exchange/users/alexandreborges/statuses/116613816857863838 2026-05-21 17:47:29+00:00| seen| https://bsky.app/profile/alexandreborges.bsky.social/post/3mmexyl75a22g 2026-05-22 04:40:06+00:00| seen|...

3.3CVSS5.8AI score0.00119EPSS
Exploits0References8
OSV
OSV
added 2026/05/21 4:27 p.m.8 views

RLSA-2023:2177 Moderate: grafana-pcp security and enhancement update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 For...

6.5CVSS7.3AI score0.02607EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 4:15 p.m.13 views

grafana: Grafana: Information disclosure of data-source passwords via public dashboards

A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.11 views

SUSE CVE-2026-33378

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References6
OSV
OSV
added 2026/05/13 7:28 p.m.2 views

CVE-2026-33378 Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS6.6AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 12:5 p.m.13 views

RLSA-2026:11881 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 12:0 p.m.20 views

RLSA-2026:11514 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

7.8CVSS7.4AI score0.00621EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.10 views

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...

8.8CVSS5.9AI score0.00328EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 3:6 p.m.2 views

CVE-2026-35515 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and ...

6.3CVSS6AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 3:6 p.m.16 views

CVE-2026-35515 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and ...

6.3CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 3:6 p.m.83 views

CVE-2026-35515

NestJS/core (@nestjs/core) contains a vulnerability in SseStream._transform() where un sanitized interpolation of upstream data into SSE output allows an attacker to inject arbitrary SSE events, spoof event types, and corrupt reconnection state. The issue arises from inserting message.type and me...

6.3CVSS6AI score0.00234EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/03 9:42 p.m.6 views

EUVD-2026-18374

Signal K Server: Unauthenticated Source Priorities Manipulation...

6.9CVSS5.9AI score0.0031EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:11 p.m.3 views

CVE-2026-33951

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

6.9CVSS5.8AI score0.0031EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/02 4:11 p.m.19 views

CVE-2026-33951

Signal K Server (boat hub) exposes an unauthenticated HTTP endpoint PUT /signalk/v1/api/sourcePriorities that directly assigns user input to the server configuration, enabling attackers to modify navigation data source priorities. The issue is triggered by missing authentication/authorization and...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.7 views

Grafana 9.3.0 < 11.6.14 / 12.0.0 < 12.1.10 / 12.2.0 < 12.2.8 / 12.3.0 < 12.3.6 / 12.4.0 < 12.4.2 Information Disclosure (CVE-2026-27877)

The version of Grafana installed on the remote host is 9.3.x through 11.6.x prior to 11.6.14, 12.0.x through 12.1.x prior to 12.1.10, 12.2.x prior to 12.2.8, 12.3.x prior to 12.3.6, or 12.4.x prior to 12.4.2. It is, therefore, affected by an information disclosure vulnerability: - When using publ...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 8:41 a.m.3 views

BIT-GRAFANA-2026-27877 Public dashboards discloses all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/03/31 8:31 a.m.7 views

SUSE CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References12
Grafana
Grafana
added 2026/03/30 12:0 a.m.12 views

Public dashboards discloses all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources’ passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00298EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.32 views

Linux Distros Unpatched Vulnerability : CVE-2026-27877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxi...

7.5CVSS5.3AI score0.00298EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 8:57 p.m.5 views

CVE-2026-27877

A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References4
Rows per page
Query Builder