Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007100)
The Unity Linux 20 host has a package installed that is affected by a vulnerability referenced in the UTSA-2026-007100 advisory. A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and an open redirect. This allows attackers to redirect users to ...
Grafana 11.6.0 - SSRF
Exploit Title: Grafana 11.6.0 - SSRF FOFA: app="Grafana" Date: 2-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download Version: 11.2.0 - 11.6.0 CVE: CVE-2025-4123 Description: An SSRF Server-Side Request Forgery...
📄 Grafana 11.6.0 Server-Side Request Forgery
Grafana versions 11.2.0 through 11.6.0 suffer from a server-side request forgery vulnerability. Exploit Title: Grafana 11.6.0 - SSRF FOFA: app="Grafana" Date: 2-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download...
AnythingLLM Cross-Site Scripting Vulnerability
AnythingLLM is an open-source integrated AI application by Mintplex. AnythingLLM versions 1.11.1 and earlier contain a cross-site scripting vulnerability. The flaw stems from a streaming-phase cross-site scripting issue in the chat rendering pipeline. Due to insecure...
EUVD-2026-12105
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS...
CVE-2026-32626 AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS...
CVE-2026-32626
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS...
PT-2026-25378
Another example of the nodeIntegration: true / contextIsolation: false combination leading to a critical security vulnerability in a production Electron application. AnythingLLM Desktop is a popular local LLM + RAG tool. Their streaming chat renderer does not sanitise LLM output before DOM...
CVE-2026-22638
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and an open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
CVE-2026-22638
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-22638
A cross-site scripting (XSS) vulnerability exists in Grafana caused by a combination of client path traversal and open redirect. This can redirect users to a site hosting a frontend plugin that executes arbitrary JavaScript, without requiring editor permissions; anonymous access may enable exploi...
PT-2026-3005
Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified). Description: A cross-site scripting (XSS) issue exists in Grafana due to a combination of client path traversal and open redirect. This allows attackers to redirect users to a website hosting a frontend...
GHSA-RX8G-88G5-QH64 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer, opensearch-dashboards...
CVE-2025-57352 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer, opensearch-dashboards...
GHSA-RX8G-88G5-QH64 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer, opensearch-dashboards-fips, foxx-cli, opensearch-dashboards...
CVE-2025-57352 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer, opensearch-dashboards-fips, foxx-cli, opensearch-dashboards...