
13 matches found

FreeBSD
added 2026/03/26 12:0 a.m. · 7 views

Grafana -- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

https://grafana.com/security/security-advisories/cve-2026-33375 reports: The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container...

CVSS 6.5 · AI score 5.8 · EPSS 0.00434
Exploits 0 · References 1
Positive Technologies
added 2026/03/26 12:0 a.m. · 6 views

PT-2026-28478

Name of the Vulnerable Software and Affected Versions: Grafana MSSQL data source plugin (affected versions not specified) Description: The Grafana MSSQL data source plugin has a logic flaw. A low-privileged user (Viewer) can bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory...

CVSS 7.4 · AI score 5.9 · EPSS 0.00434
Exploits 0 · References 57
BDU FSTEC
added 2025/07/23 12:0 a.m. · 4 views

A vulnerability in the web interface of the TP-Link Archer C1200 Wi-Fi router allows an attacker to compromise the integrity of protected information.

The vulnerability in the firmware management web interface of the TP-Link Archer C1200 Wi-Fi router is related to improper restrictions on the layers or frames displayed in the user interface. Exploiting this vulnerability allows a malicious actor to compromise the integrity of...

CVSS 5 · AI score 5.5 · EPSS 0.00392
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2025/05/25 12:0 a.m. · 7 views

Vulnerabilities in Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) in firmware for the Intel Xeon 6 processor with E-cores allow attackers to escalate their privileges.

The vulnerability in Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) in firmware for the Intel Xeon 6 processor with E-cores is related to improper restrictions on software interfaces by hardware functions. Exploiting this vulnerability can allow attackers to escalate their privileg...

CVSS 6.1 · AI score 6.3 · EPSS 0.0012
Exploits 0 · References 2
ATTACKERKB
added 2025/05/06 9:15 a.m. · 1 views

CVE-2024-49842

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions...

CVSS 7.8 · AI score 5.8 · EPSS 0.00079
Exploits 0 · References 2
CVE
added 2025/04/11 5:43 p.m. · 88 views

CVE-2025-0123

Summary: CVE-2025-0123 affects Palo Alto Networks PAN-OS. Unlicensed administrators can view clear-text data captured via the packet-capture feature in decrypted HTTP/2 data streams on the firewall; HTTP/1.1 streams are not impacted. Exploitation requires access to the management interface and su...

CVSS 5.9 · AI score 6.5 · EPSS 0.00101
Exploits 0 · References 1
IBM Security Bulletins
added 2025/01/31 8:30 p.m. · 14 views

Security Bulletin: IBM i is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464].

Summary: IBM i is vulnerable to bypassing IBM Navigator for i interface restrictions and a server-side request forgery (SSRF) as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...

CVSS 5.4 · AI score 5 · EPSS 0.01417
Exploits 2 · Affected Software 4
Prion
added 2024/12/21 2:15 p.m. · 7 views

CVE-2024-51464

IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...

EPSS 0.01417
Exploits 2 · References 2
Positive Technologies
added 2024/02/28 12:0 a.m. · 6 views

PT-2024-15954 · WordPress · Wordpress Access Control

Name of the Vulnerable Software and Affected Versions: WordPress Access Control plugin versions up to, and including, 4.0.13 Description: The WordPress Access Control plugin is vulnerable to Sensitive Information Exposure via the REST API. This allows unauthenticated attackers to bypass the...

CVSS 5.3 · AI score 6.2 · EPSS 0.00517
Exploits 0 · References 6
BDU FSTEC
added 2023/06/26 12:0 a.m. · 4 views

Vulnerabilities in the EcoStruxure EV Charging Expert software for parking charging stations allow an attacker to modify system settings or user accounts.

The vulnerability of the EcoStruxure EV Charging Expert parking charging station software is related to incorrect restrictions on the visible layers or frames of the user interface. Exploiting this vulnerability could allow an attacker to remotely modify system settings or user accounts...

CVSS 8.5 · AI score 7.2 · EPSS 0.00924
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2023/03/13 12:0 a.m. · 13 views

bumsys security vulnerability

bumsys is an open source Business Management System project by the individual developer unilogies. A security vulnerability exists in unilogies bumsys versions prior to v2.0.2, which stems from an improper restriction in the UI layer or framework in which the software is rendered...

CVSS 8.4 · AI score 7 · EPSS 0.01411
Exploits 1 · References 3
CNNVD
added 2022/02/11 12:0 a.m. · 3 views

Apache APISIX security vulnerability

Apache APISIX is a cloud-native microservice API gateway service from the Apache Foundation. The software is implemented on OpenResty and etcd, with dynamic routing and plug-in hot loading, and is suited to API management in microservice systems. A remote code execution vulnerability...

CVSS 9.8 · AI score 6.8 · EPSS 0.96182
Exploits 16 · References 11
Positive Technologies
added 2018/01/29 12:0 a.m. · 5 views

PT-2018-17528 · Sangoma · Freepbx

Name of the Vulnerable Software and Affected Versions: FreePBX versions 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 Description: The issue allows post-authentication SQL injection via the order parameter. It is noted that the vendor disputes this issue, stating it is intentional for users ...

CVSS 7.2 · AI score 8.2 · EPSS 0.02241
Exploits 1 · References 5