Lucene search
+L

66 matches found

attackerkb
attackerkb
added 2026/07/07 8:35 p.m.6 views

CVE-2026-55635

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/07/07 6:0 a.m.6 views

RLSA-2026:35831 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via...

8.2CVSS6AI score0.00478EPSS
Exploits0References2
osv
osv
added 2026/07/06 12:0 a.m.6 views

ALSA-2026:35831 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via...

9.6CVSS6AI score0.00478EPSS
Exploits0References4
osv
osv
added 2026/06/25 6:26 p.m.3 views

GO-2026-5095 Grafana public dashboards disclose all direct mode datasources in github.com/grafana/grafana

Grafana public dashboards disclose all direct mode datasources in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/27 5:3 p.m.45 views

CVE-2026-46427 Budibase: Snowflake private key returned unmasked from datasource API to BASIC users

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

7.7CVSS0.00223EPSS
Exploits0References1
euvd
euvd
added 2026/05/27 5:3 p.m.12 views

EUVD-2026-32595

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References1
rocky
rocky
added 2026/05/21 4:27 p.m.11 views

grafana-pcp security and enhancement update

An update is available for grafana-pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...

7.5CVSS6.9AI score0.02607EPSS
Exploits0
rocky
rocky
added 2026/05/20 12:3 a.m.20 views

grafana-pcp security update

An update is available for grafana-pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...

7.5CVSS5.8AI score0.0052EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/05/15 12:0 a.m.14 views

PT-2026-41398

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description Budibase contains a route-level authorization misconfiguration where the endpoint "PUT /api/datasources/:datasourceId" is incorrectly assigned to the authorizedRoutes group with TABLE/READ...

8.8CVSS6AI score0.00251EPSS
Exploits0References5
cve
cve
added 2026/05/13 7:28 p.m.34 views

CVE-2026-33378

CVE-2026-33378 concerns Grafana’s Data Source Plugin. The vulnerability arises from the __timeGroup macro when used with a SQL datasource, allowing an attacker to trigger a DoS by causing an OOM on the server. The attack requires no user interaction and has network access with low privileges. If ...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
redhat
redhat
added 2026/04/20 9:31 a.m.7 views

Important: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

7.5CVSS7.3AI score0.0052EPSS
Exploits0References2
cvelist
cvelist
added 2026/02/12 8:49 a.m.42 views

CVE-2025-41117 XSS in Grafana Explore stack trace

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

6.8CVSS0.00239EPSS
Exploits0References1
freebsd
freebsd
added 2026/02/12 12:0 a.m.11 views

Grafana -- XSS in Grafana Explore stack trace

https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasourc...

6.8CVSS5.8AI score0.00239EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/16 2:23 p.m.6 views

CVE-2026-0713

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

8.3CVSS6.7AI score0.00037EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/01/15 1:10 p.m.2 views

CVE-2026-0713

...

5.3AI score0.00037EPSS
Exploits0
cve
cve
added 2026/01/15 1:10 p.m.18 views

CVE-2026-0713

The Red Hat/CIRCL/EUVD/PTSecurity entries confirm a security issue in Grafana’s API at /apis/dashboard.grafana.app/* affecting all API versions (v0alpha1, v1alpha1, v2alpha1). Root cause: authenticated users can bypass dashboard and folder permissions, allowing Viewer role to access all dashboard...

6.3AI score0.00037EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/01/15 12:0 a.m.7 views

PT-2026-3008

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A flaw exists in Grafana’s datasource proxy API that permits bypassing authorization checks. This is achieved by including an additional slash character within the URL path. Users with limite...

5CVSS6AI score0.00027EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/01/15 12:0 a.m.7 views

PT-2026-2986

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A security issue exists in the /apis/dashboard.grafana.app/ API endpoints, allowing authenticated users to bypass dashboard and folder permissions. This affects all API versions v0alpha1,...

8.3CVSS6.1AI score0.00037EPSS
Exploits0References11
nessus
nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-3454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with...

5CVSS6.1AI score0.00414EPSS
Exploits0References2
nessus
nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-3260

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability...

8.3CVSS7.7AI score0.00501EPSS
Exploits0References2
Rows per page
Query Builder