Lucene search
K

4925 matches found

Nuclei
Nuclei
added yesterday48 views

Grafana - Improper Access Control

Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service. id: CVE-2019-15043 info: name: Grafana - Improper Access Control author: Joshua Rogers severity: high description: | Grafana 2.x...

7.5CVSS6.8AI score0.63388EPSS
Exploits1References6
Nuclei
Nuclei
added yesterday100 views

Grafana & Zabbix Integration - Credentials Disclosure

Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search...

9.8CVSS7AI score0.53439EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday28 views

Grafana - Exposes DingDing API Keys

An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a setting oversight in versions below or equals to 12.0.1. id: CVE-2025-3415 info: name: Grafana - Exposes DingDing API Keys author: lucasribolli severity: medium description: | An inciden...

4.3CVSS6.2AI score0.0089EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday103 views

Grafana <= 6.7.1 - Cross-Site Scripting

Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...

5.4CVSS6.7AI score0.09619EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday194 views

Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...

6.9CVSS6.8AI score0.84607EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-8609

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS0.00359EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-33382

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS0.0038EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-8609

Grafana CVE-2026-8609 describes an unauthenticated denial-of-service via repeated requests to the OAuth login route. The issue allows an attacker to trigger unbounded memory growth, potentially exhausting memory and crashing the Grafana instance. The entry provides CVSS v3.1 data (AV:N/AC:L/PR:N/...

5.3CVSS6.1AI score0.00359EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-8609 Pre-authentication denial of service via the OAuth login route

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42921

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score0.00359EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-8609 Pre-authentication denial of service via the OAuth login route

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score0.00359EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2 days ago4 views

CVE-2026-8609

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score0.00359EPSS
Exploits0
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42920

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-33382

CVE-2026-33382 affects Grafana API endpoints that may process unbounded request bodies, including unauthenticated ones. The underlying issue is lack of input size limits, allowing very large payloads to trigger excessive memory allocation and potential denial of service. The CVSS v3.1 base score ...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-33382 Denial of service via unbounded request body size

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS0.0038EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago2 views

CVE-2026-33382 Denial of service via unbounded request body size

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2 days ago4 views

CVE-2026-33382

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0
Chainguard
Chainguard
added 3 days ago5 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-cloudsearch-fips, crossplane-provider-aws-cloudwatchevents, frankenphp-8.4, crossplane-provider-aws-cloudcontrol-fips, redpanda, crossplane-provider-azure-spring, bank-vaults-fips, crossplane-provider-azure-netapp, volume-modifier-for-k8s-fips...

6.1AI score
Exploits0
Nuclei
Nuclei
added 5 days ago83 views

Grafana v8.x - Arbitrary File Read

Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is /public/plugins/NAME/, where NAME is the plugin ID for any installed plugin. id: CVE-2021-43798 info: name: Grafana v8.x - Arbitrary File Read autho...

7.5CVSS7.3AI score0.88849EPSS
Exploits44References5
Nuclei
Nuclei
added 5 days ago90 views

Grafana Unauthenticated Snapshot Creation

Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. id: CVE-2021-27358 info: name: Grafana Unauthenticated Snapshot Creation author: pdteam,bing0o severity: hi...

7.5CVSS7.1AI score0.83042EPSS
Exploits0References5
Rows per page
Query Builder