48 matches found

The Hacker News
added 2026/05/25 2:13 p.m., 28 views

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago. Good times...

CVSS 7.1 | AI score 7 | EPSS 0.0138 | Exploits 6

Tenable Nessus
added 2026/05/22 12:0 a.m., 24 views

Grafana Labs < 11.6.14+security-04 / 12.2.0 < 12.2.8+security-04 / 12.3.0 < 12.3.6+security-04 / 12.4.0 < 12.4.3+security-02 / 13.0.0 < 13.0.1+security-01 Multiple Vulnerabilities

The version of Grafana Labs installed on the remote host is affected by multiple vulnerabilities, including: - A broken access control flaw in the Snapshot API allows any Editor to delete dashboard snapshots, even those they have no read or write access to. CVE-2026-28380 - When using an IPv6...

CVSS 8.1 | AI score 5.4 | EPSS 0.00328 | Exploits 0 | References 20

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-47579

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00473 | Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-1120

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.8 | EPSS 0.00646 | Exploits 0 | References 6

Cvelist
added 2025/08/04 8:34 a.m., 31 views

CVE-2025-8341 SSRF in Infinity Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...

CVSS 5 | EPSS 0.00283 | Exploits 0 | References 2

CVE
added 2025/08/04 8:34 a.m., 30 views

CVE-2025-8341

CVE-2025-8341 concerns the Grafana Infinity Datasource Plugin. The connected documents describe an SSRF-type issue where, if the plugin’s allowlist is misused, an attacker could bypass URL restrictions and trigger server-side requests to unintended resources. The vulnerability is tied to the plug...

CVSS 5 | AI score 6.2 | EPSS 0.00283 | Exploits 0 | References 2

Tenable Nessus
added 2025/07/23 12:0 a.m., 4 views

Grafana Labs XSS (CVE-2025-6023)

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-6023 advisory. - An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5....

CVSS 7.6 | AI score 7.5 | EPSS 0.37565 | Exploits 0 | References 2

Tenable Nessus
added 2025/07/23 12:0 a.m., 7 views

Grafana Labs Integration URL Exposed to Viewers (CVE-2025-3415)

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3415 advisory. - Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to...

CVSS 4.3 | AI score 5.5 | EPSS 0.0089 | Exploits 0 | References 2

Tenable Nessus
added 2025/07/15 12:0 a.m., 15 views

Grafana Labs < 10.4.17+security-01, 11.2.8+security-01, 11.3.5+security-01, 11.4.3+security-01, 11.5.3+security-01, 11.6.0+security-01 Improper Authorization (CVE-2025-3454)

The version of Grafana Labs installed on the remote host is affected by improper authorization vulnerability as referenced in the CVE-2025-3454 advisory. - This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL...

CVSS 5 | AI score 6.2 | EPSS 0.00414 | Exploits 0 | References 2

Tenable Nessus
added 2025/07/04 12:0 a.m., 2 views

Grafana Labs 11.1.0 < 11.2.8+security-01, 11.3.5+security-01, 11.4.3+security-01, 11.5.3+security-01, 11.6.0+security-01 XSS (CVE-2025-2703)

The version of Grafana Labs installed on the remote host is affected by cross-site scripting vulnerability as referenced in the CVE-2025-2703 advisory. - The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order t...

CVSS 6.8 | AI score 6.2 | EPSS 0.10611 | Exploits 0 | References 2

Tenable Nessus
added 2025/07/04 12:0 a.m., 5 views

Grafana Labs 10.4.x < 10.4.19, 11.2.x < 11.2.10, 11.3.x < 11.3.7, 11.4 < 11.4.5, 11.5 < 11.5.5, 11.6 < 11.6.2, 12.0.x < 12.0.1 Improper Access Control (CVE-2025-3580)

The version of Grafana Labs installed on the remote host is affected by an improper access control vulnerability as referenced in the CVE-2025-3580 advisory. - An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server...

CVSS 5.5 | AI score 7 | EPSS 0.00378 | Exploits 0 | References 2

Tenable Nessus
added 2025/06/27 12:0 a.m., 7 views

Grafana Labs < 11.6.2 Improper Input Validation (CVE-2025-1088)

The version of Grafana Labs installed on the remote host is affected by an improper input validation vulnerability as referenced in the CVE-2025-1088 advisory. In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to improper input...

CVSS 2.7 | AI score 5.5 | EPSS 0.00394 | Exploits 0 | References 2

Tenable Nessus
added 2025/06/06 12:0 a.m., 13 views

Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...

CVSS 8.3 | AI score 7.6 | EPSS 0.00484 | Exploits 0 | References 2

Tenable Nessus
added 2024/11/20 12:0 a.m., 11 views

Grafana Labs Privilege Escalation (CVE-2024-9476)

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2024-9476 advisory. - A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within th...

CVSS 5.1 | AI score 5.9 | EPSS 0.00213 | Exploits 0 | References 2

Tenable Nessus
added 2024/11/19 12:0 a.m., 16 views

Grafana Labs SQL expressions allowing for RCE (CVE-2024-9264)

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2024-9264 advisory. - The SQL Expressions experimental feature of Grafana allows for the evaluation of 'duckdb' queries containing user input. These queries are insufficiently sanitize...

CVSS 9.9 | AI score 7.4 | EPSS 0.97781 | Exploits 10 | References 2

NVD
added 2024/11/13 5:15 p.m., 13 views

CVE-2024-9476

A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This vulnerability will only affect users who utilize the Organizatio...

CVSS 5.1 | EPSS 0.00213 | Exploits 0 | References 2

Tenable Nessus
added 2024/10/02 12:0 a.m., 21 views

Grafana Labs Incorrect Permission (cve-2024-8118)

The version of Grafana Labs installed on the remote host is prior to 10.3.10, 10.4.9, 11.0.5, 11.1.6, or 11.2.1. It is, therefore, affected by a vulnerability as referenced in the cve-2024-8118 advisory. - In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing...

CVSS 5.1 | AI score 6.9 | EPSS 0.00579 | Exploits 0 | References 2

Tenable Nessus
added 2024/05/07 12:0 a.m., 41 views

SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:1508-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1508-1 advisory. golang-github-prometheus-nodeexporter: - Update to 1.7.0 jscPED-7893, jscPED-7928: FEATURE Add ZFS freebsd per dataset stats 2753...

CVSS 6.5 | AI score 6.9 | EPSS 0.01385 | Exploits 1 | References 8

Tenable Nessus
added 2024/04/11 12:0 a.m., 67 views

Grafana Labs 9.5 < 9.5.18, 10.0 < 10.0.13, 10.1 < 10.1.9, 10.2 < 10.2.6, 10.3 < 10.3.5 (CVE-2024-1313)

The version of Grafana Labs installed on the remote host is prior to 9.5.18, 10.0.13, 10.1.9, 10.2.6 or 10.3.5. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1313 advisory. - It is possible for a user in a different organization from the owner of a snapshot to bypass...

CVSS 6.5 | AI score 7.5 | EPSS 0.00646 | Exploits 0 | References 2

OSV
added 2024/03/28 7:19 a.m., 33 views

BIT-GRAFANA-2024-1313 Users outside an organization can delete a snapshot with its key

It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the permission to write/edit ...

CVSS 6.5 | AI score 6.8 | EPSS 0.00646 | Exploits 0 | References 3