CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...

5.4CVSS7.5AI score0.00682EPSS

Exploits0References2

SUSE Linux•added 2025/09/23 9:4 a.m.•3 views

Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245401,bsc1245403: docs: provide example3 for PAM and sshpwauth behavior 27 fix: Make hotplug socket writable only by root 25 CVE-2024-11584 fix: Don't attempt to identify non-x86 OpenStack instances LP: 2069607...

8.8CVSS6.9AI score0.00271EPSS

Exploits0References58

Vulnrichment•added 2025/09/15 4:4 p.m.•2 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

8.7CVSS8.2AI score0.01303EPSS

Exploits1References2

Veracode•added 2025/09/04 8:59 a.m.•5 views

Improper Access Control

apachesuperset is vulnerable to Improper Access Control. The vulnerability is due to a missing authorization check in the /explore endpoint, which allows an attacker to enumerate datasourceid values and disclose sensitive metadata about protected datasources...

6.5CVSS6.3AI score0.00479EPSS

Exploits0References4Affected Software1

Tenable Nessus•added 2025/09/02 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2022-23498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including...

8.8CVSS7.8AI score0.01132EPSS

Exploits1References2

Tenable Nessus•added 2025/09/02 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2020-24303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. CVE-2020-24303 Note that Nessus relies on the presence of the package...

6.1CVSS7.2AI score0.01823EPSS

Exploits0References2

Veracode•added 2025/08/21 7:38 a.m.•3 views

Improper Input Validation

github.com/grafana/grafana-infinity-datasource is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of allowed URL restrictions, which allows an attacker to bypass configured URL checks using a specially crafted URL...

5CVSS6.9AI score0.00283EPSS

Exploits0References4Affected Software1

Tenable Nessus•added 2025/08/20 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2019-16335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different...

9.8CVSS6.8AI score0.04918EPSS

Exploits0References2

OSV•added 2025/08/18 8:13 a.m.•12 views

BIT-SUPERSET-2025-55675 Apache Superset: Incorrect datasource authorization on REST API

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

6.5CVSS6.5AI score0.00479EPSS

Exploits0References3