Lucene search
K

27 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.5 views

Grafana 11.6.x < 11.6.3 Multiples Vulnerabilities

According to its self-reported version, the Grafana install hosted on the remote host is prior to 11.3.8, or 11.4.x prior to 11.4.6, or 11.5.x prior to 11.5.6, or 11.6.x prior to 11.6.3, or 12.0.x prior to 12.0.2, or 12.1.x prior to 12.1.2. It is, therefore, affected by multiples vulnerabilities....

7.6CVSS6.5AI score0.37565EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1473

Malicious code in bioql PyPI...

4.3CVSS7AI score0.01746EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-33572

Malicious code in bioql PyPI...

8.5CVSS8.8AI score0.01116EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running...

5.4CVSS5.8AI score0.0074EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2018-15727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid remember me cookie knowing onl...

9.8CVSS7.1AI score0.64284EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/08/05 1:15 p.m.8 views

U.S. Dept Of Defense: CVE‑2025‑4123 — Grafana Open Redirect → Stored XSS → SSRF (Full Read) at ██████

A vulnerability, identified as CVE-2025-4123, was discovered in Grafana OSS and Enterprise versions 8.x through 12.x. The vulnerability allowed unauthenticated attackers to chain multiple flaws, including an open redirect through path traversal in the public redirect handler, stored cross-site...

7.6CVSS6.2AI score0.97809EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.1 views

PT-2025-25859 · Google +2 · Chromium +2

Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 11.6.2 Description: The issue is caused by an excessively long dashboard title or panel name, leading to Improper Input Validation vulnerability in Grafana, which affects Chromium browsers and causes them to become...

4CVSS6.1AI score0.00394EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.4 views

Grafana < 10.4.15 Exposure Of Sensitive Information To An Unauthorized Actor

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.15, or earlier than 11.0.11, or earlier than 11.1.11, or earlier than 11.2.6, or earlier than 11.3.3, or earlier than 11.4.1. It is, therefore, affected by a exposure of sensitive informatio...

4.3CVSS7AI score0.00368EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.6 views

Grafana 11.6.x < 11.6.2 Improper Access Control

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.19, or 11.2.x earlier than 11.2.10, or 11.3.x earlier than 11.3.7, or 11.4.x earlier than 11.4.5, or 11.5.x earlier than 11.5.5, or 11.6.x earlier than 11.6.2, or 12.0.x earlier than 12.0.1...

5.5CVSS7.4AI score0.00378EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.7 views

Grafana 11.4.x < 11.4.5 Improper Access Control

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.19, or 11.2.x earlier than 11.2.10, or 11.3.x earlier than 11.3.7, or 11.4.x earlier than 11.4.5, or 11.5.x earlier than 11.5.5, or 11.6.x earlier than 11.6.2, or 12.0.x earlier than 12.0.1...

5.5CVSS7.4AI score0.00378EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.8 views

Grafana 10.0.x < 10.0.11 Incorrect Authorization

According to its self-reported version, the Grafana install hosted on the remote host is 9.5.x earlier than 9.5.16, or 10.0.x earlier than 10.0.11, or 10.1.x earlier than 10.1.7, or 10.2.x earlier than 10.2.4, or 10.3.x earlier than 10.3.3. It is, therefore, affected by a incorrect authorization...

5.4CVSS7.4AI score0.01385EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.2 views

Grafana 9.3.x < 9.3.4 Cross-site Scripting

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 9.2.10, or 9.3.x earlier than 9.3.4. It is, therefore, affected by a cross-site scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the...

6.4CVSS6.7AI score0.01562EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.4 views

Grafana 10.0.x < 10.0.12 Improper Privilege Management

According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 9.5.7, or 10.0.x earlier than 10.0.12, or 10.1.x earlier than 10.1.8, or 10.2.x earlier than 10.2.5, or 10.3.x earlier than 10.3.4. It is, therefore, affected by a improper privilege...

8.8CVSS7.5AI score0.00802EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/04 12:0 a.m.3 views

Grafana 10.1.x < 10.1.8 Improper Privilege Management

According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 9.5.7, or 10.0.x earlier than 10.0.12, or 10.1.x earlier than 10.1.8, or 10.2.x earlier than 10.2.5, or 10.3.x earlier than 10.3.4. It is, therefore, affected by a improper privilege...

8.8CVSS7.5AI score0.00802EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/23 12:0 a.m.4 views

PT-2025-17602 · Grafana +1 · Grafana +1

Name of the Vulnerable Software and Affected Versions: Grafana versions v0alpha1 through v2alpha1 Description: A security issue in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The impact includes viewers being able to view all...

8.7CVSS6.4AI score0.97809EPSS
Exploits6References37
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.4 views

PT-2025-1685 · Grafana +2 · Grafana +2

Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 10.4.15 Grafana versions prior to 11.0.11 Grafana versions prior to 11.1.11 Grafana versions prior to 11.2.6 Grafana versions prior to 11.3.3 Grafana versions prior to 11.4.1 Grafana versions prior to 11.5.0...

10CVSS7.5AI score0.97809EPSS
Exploits26References131
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.6 views

PT-2024-7005

Name of the Vulnerable Software and Affected Versions Grafana versions prior to v11.0.6+security-01 Grafana versions prior to v11.1.7+security-01 Grafana versions prior to v11.2.2+security-01 Description The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queri...

9.9CVSS7.2AI score0.97809EPSS
Exploits33References183
Oracle linux
Oracle linux
added 2023/11/17 12:0 a.m.70 views

grafana security and enhancement update

9.2.10-7 - resolve RHEL-12649 - resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - testing is turned off due to test failures caused by testing date mismatch 9.2.10-6 - Add /usr/share/grafana to systemd-sysusers --replace 9.2.10-5 - resolve CVE-2023-3128 grafana:...

9.8CVSS6.7AI score0.99999EPSS
Exploits34
Grafana
Grafana
added 2023/06/06 12:0 a.m.9 views

Broken Access Control in Alert manager: Viewer can send test alerts

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

7.5CVSS5.8AI score0.01027EPSS
Exploits1
Grafana
Grafana
added 2023/03/22 12:0 a.m.8 views

Stored XSS in Graphite FunctionDescription tooltip

Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have contro...

6.2CVSS6.8AI score0.00962EPSS
Exploits1
Rows per page
Query Builder