Lucene search
K

14 matches found

Nuclei
Nuclei
added 2026/06/25 5:45 a.m.34 views

Grafana Post-Auth DuckDB - SQL Injection To File Read

The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...

9.9CVSS6.6AI score0.97781EPSS
Exploits10References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.1 views

EUVD-2022-4464

Malicious code in bioql PyPI...

5.5CVSS6.5AI score0.00318EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-3028

Malicious code in bioql PyPI...

6.1CVSS6.9AI score0.0182EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1710

Malicious code in bioql PyPI...

7.6CVSS7AI score0.00612EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.4 views

Grafana 11.5.x < 11.5.4 Cross-site Scripting

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.18, or 11.2.x earlier than 11.2.9, or 11.3.x earlier than 11.3.6, or 11.4.x earlier than 11.4.4, or 11.5.x earlier than 11.5.4, or 11.6.x earlier than 11.6.1. It is, therefore, affected by a...

7.6CVSS6.7AI score0.97809EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.6 views

Grafana 11.1.x < 11.3.5+security-01 Cross-site Scripting

According to its self-reported version, the Grafana install hosted on the remote host is 11.1.x earlier than 11.2.8+security-01, or 11.1.x earlier than 11.3.5+security-01, or 11.1.x earlier than 11.4.3+security-01, or 11.1.x earlier than 11.5.3+security-01, or 11.1.x earlier than...

6.8CVSS6.7AI score0.13697EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.3 views

Grafana 11.1.x < 11.5.3+security-01 Cross-site Scripting

According to its self-reported version, the Grafana install hosted on the remote host is 11.1.x earlier than 11.2.8+security-01, or 11.1.x earlier than 11.3.5+security-01, or 11.1.x earlier than 11.4.3+security-01, or 11.1.x earlier than 11.5.3+security-01, or 11.1.x earlier than...

6.8CVSS6.7AI score0.13697EPSS
Exploits0References2
NVD
NVD
added 2025/06/02 11:15 a.m.19 views

CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS0.00414EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/06/02 10:34 a.m.28 views

CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS5.4AI score0.00414EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/04/26 1:47 p.m.11 views

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...

4.2CVSS5.7AI score0.01504EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/10/13 12:0 a.m.7 views

CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

4.9CVSS7.5AI score0.00964EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/07/15 12:10 p.m.5 views

CVE-2022-31097 Stored XSS in Grafana's Unified Alerting

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...

7.3CVSS8.2AI score0.68603EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/05/24 5:24 p.m.29 views

CVE-2020-13430

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...

6.2AI score0.0182EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/04/27 1:15 p.m.27 views

CVE-2020-12052

Grafana version 6.7.3 is vulnerable for annotation popup XSS...

6.1CVSS6.8AI score0.0148EPSS
Exploits0References2
Rows per page
Query Builder