Lucene search
K

380 matches found

ubuntucve
ubuntucve
added 2026/03/27 3:16 p.m.10 views

CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/27 2:2 p.m.6 views

CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/03/27 2:2 p.m.57 views

CVE-2026-27877

CVE-2026-27877 affects Grafana where, when using public dashboards with direct data-sources, passwords for those data-sources are exposed. The root cause is direct data-source password handling leaking in such dashboards. The advisory recommends converting direct data-sources to proxied data-sour...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References10Affected Software1
vulnrichment
vulnrichment
added 2026/03/27 2:2 p.m.3 views

CVE-2026-27877 Public dashboards discloses all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

6.5CVSS5.8AI score0.00309EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/27 2:2 p.m.30 views

CVE-2026-27877 Public dashboards discloses all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

6.5CVSS0.00309EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/03/27 2:2 p.m.5 views

CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.2AI score0.00309EPSS
Exploits0
cnnvd
cnnvd
added 2026/03/27 12:0 a.m.11 views

Grafana 安全漏洞

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has security vulnerabilities; these vulnerabilities arise from...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/27 12:0 a.m.6 views

PT-2026-28370

Name of the Vulnerable Software and Affected Versions Versions affected versions not specified Description When using public dashboards and direct data-sources, passwords for direct data-sources are exposed even if they are not actively used in dashboards. Passwords for proxied data-sources are n...

7.5CVSS5.6AI score0.00309EPSS
Exploits0References117
freebsd
freebsd
added 2026/03/27 12:0 a.m.12 views

Grafana -- Public dashboards discloses all direct mode datasources

https://grafana.com/security/security-advisories/cve-2026-27877 reports: When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-source...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References1
suse
suse
added 2026/03/25 10:31 a.m.7 views

Security update for grafana

This update for grafana fixes the following issues: Security issues fixed: CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled bsc1258136 CVE-2026-21721: Fixed access control by the dashboard permissions API bsc1257337 CVE-2026-21720: Fixed...

8.7CVSS5.8AI score0.0089EPSS
Exploits1References22
nessus
nessus
added 2026/03/06 12:0 a.m.7 views

RHEL 8 : grafana-pcp (RHSA-2026:3821)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3821 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

7.5CVSS7.2AI score0.01945EPSS
Exploits2References6
githubexploit
githubexploit
added 2026/03/04 6:34 a.m.178 views

Exploit for SQL Injection in Dbgpt Db-Gpt

DBGPT Unauthenticated Information Disclosure & SQL Execution P...

9.8CVSS7.6AI score0.01083EPSS
Exploits2
cnnvd
cnnvd
added 2026/02/25 12:0 a.m.8 views

Grafana 安全漏洞

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that stems from a time difference betwe...

2.6CVSS5.8AI score0.00175EPSS
Exploits0References1
nvd
nvd
added 2026/02/12 9:16 a.m.8 views

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS0.00239EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/02/12 9:16 a.m.4 views

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS5.8AI score0.00239EPSS
Exploits0References2
osv
osv
added 2026/02/12 8:49 a.m.4 views

CVE-2025-41117 XSS in Grafana Explore stack trace

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS6.6AI score0.00239EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/12 8:49 a.m.6 views

CVE-2025-41117 XSS in Grafana Explore stack trace

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS5.5AI score0.00239EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/02/12 8:49 a.m.4 views

CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS5.5AI score0.00239EPSS
Exploits0References2
packetstormnews
packetstormnews
added 2026/02/11 12:0 a.m.6 views

TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion

The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs CKGs relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...

5.7AI score
Exploits0
veracode
veracode
added 2026/01/19 9:35 a.m.6 views

Remote Code Execution (RCE)

UmbracoForms is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied WSDL URLs used as data sources, which allows an authenticated attacker to supply a malicious web service definition and execute arbitrary code on the server...

7.5CVSS6.3AI score0.00681EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder