15148 matches found
CVE-2026-28380
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-28374
Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...
UBUNTU-CVE-2026-28380
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-28380
Any Editor could delete any snapshot, even if they have no access to read or write them...
UBUNTU-CVE-2026-28374
Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...
CVE-2026-28374
Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...
CVE-2026-28374
Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...
CVE-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-28380
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-28380
The CVE-2026-28380 entry describes a broken access control flaw in the Snapshot API that lets any Editor delete any dashboard snapshot, even without read/write permissions. The affected component is the Snapshot API used for managing dashboard snapshots; the underlying cause is insufficient authoriza...
CVE-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-33377 Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...
CVE-2026-33377
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...
CVE-2026-33377
CVE-2026-33377 describes a vulnerability where an Editor can overwrite a dashboard not owned by them, escalating to admin on that specific dashboard. The user must have write access to the dashboard to perform the privilege escalation. This issue is tied to dashboard import behavior and ACL handl...
CVE-2026-33377 Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin
An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...
GHSA-J274-39QW-32C9 Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray()
Summary: The Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray from within a page body, dumping the entire merged site configuration — including all plugin secrets (SMTP passwords, AWS keys, OAuth client secrets, API tokens) — into the rendered HTML. No...
Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray()
Summary: The Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray from within a page body, dumping the entire merged site configuration — including all plugin secrets (SMTP passwords, AWS keys, OAuth client secrets, API tokens) — into the rendered HTML. No...
ANTI-FLUFF
PENTESTINGMETHS Main view example: Web Application As...
Grafana OSS Security Vulnerability
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which allows any editor to delete any snapshot, even without read/write privileges...
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...