5 matches found
PT-2026-28369
Name of the Vulnerable Software and Affected Versions: Grafana versions 11.6.0 through 11.6.14, 12.0.0 through 12.1.10, 12.2.0 through 12.2.8, 12.3.0 through 12.3.6, and 12.4.0 through 12.4.2. Description: A chained attack involving SQL Expressions and a Grafana Enterprise plugin can lead to remo...
Authorization vulnerability in /apis allows authenticated users to bypass all dashboard permissions
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions: v0alpha1, v1alpha1, v2alpha1. Impact: Viewers can view all dashboards/folders regardless of permissions. Editors...
CVE-2022-23232
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user accoun...
NetApp StorageGRID Authorization Issue Vulnerability
NetApp StorageGRID is a suite of object storage solutions from US-based NetApp. A security vulnerability exists in versions of StorageGRID (formerly known as StorageGRID Webscale) prior to 11.6.0 that could allow disabled, expired, or locked external user accounts to access S3 data to which...
CVE-2020-27146
The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace Browser contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability...