213 matches found
InfluxDB <1.7.6 - Authentication Bypass
InfluxDB before 1.7.6 contains an authentication bypass vulnerability via the authenticate function in services/httpd/handler.go. A JWT token may have an empty SharedSecret aka shared secret. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
CVE-2026-25680 affecting package influxdb for versions less than 2.7.5-17
CVE-2026-25680 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...
CVE-2026-25681 affecting package influxdb for versions less than 2.7.5-17
CVE-2026-25681 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...
CVE-2026-27136 affecting package influxdb for versions less than 2.7.5-17
CVE-2026-27136 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...
CVE-2026-39821 affecting package influxdb for versions less than 2.7.5-17
CVE-2026-39821 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...
CVE-2026-41602 affecting package influxdb for versions less than 2.7.5-16
CVE-2026-41602 affecting package influxdb for versions less than 2.7.5-16. A patched version of the package is available...
CVE-2025-58190 affecting package influxdb for versions less than 2.7.5-13
CVE-2025-58190 affecting package influxdb for versions less than 2.7.5-13. A patched version of the package is available...
CVE-2025-47911 affecting package influxdb for versions less than 2.7.5-13
CVE-2025-47911 affecting package influxdb for versions less than 2.7.5-13. A patched version of the package is available...
CVE-2025-47911 affecting package influxdb for versions less than 2.6.1-30
CVE-2025-47911 affecting package influxdb for versions less than 2.6.1-30. A patched version of the package is available...
CVE-2025-30204 affecting package influxdb for versions less than 2.6.1-30
CVE-2025-30204 affecting package influxdb for versions less than 2.6.1-30. A patched version of the package is available...
CVE-2025-11065 affecting package influxdb for versions less than 2.6.1-30
CVE-2025-11065 affecting package influxdb for versions less than 2.6.1-30. A patched version of the package is available...
CVE-2026-25751
CVE-2026-25751 affects FUXA up to version 1.2.9 and is a information-disclosure flaw that exposes sensitive administrative credentials for InfluxDB, enabling an attacker to obtain the full system configuration and potentially authenticate to the database to read/modify/delete data or cause DoS. T...
AZL-76988 CVE-2025-58190 affecting package influxdb 2.7.5-10
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-75428 CVE-2025-11065 affecting package influxdb 2.7.5-10
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75479 CVE-2025-11065 affecting package influxdb for versions less than 2.6.1-30
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-65637 affecting package influxdb for versions less than 2.6.1-25
CVE-2025-65637 affecting package influxdb for versions less than 2.6.1-25. A patched version of the package is available...
AZL-71602 CVE-2025-65637 affecting package influxdb for versions less than 2.6.1-28
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
AZL-71311 CVE-2025-10543 affecting package influxdb for versions less than 2.7.5-10
In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions =1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server for example, part of an MQTT topic may leak into...
AZL-71299 CVE-2025-10543 affecting package influxdb for versions less than 2.6.1-27
In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions =1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server for example, part of an MQTT topic may leak into...
Linux Distros Unpatched Vulnerability : CVE-2018-1000816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running...