10 matches found
Grafana -- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
https://grafana.com/security/security-advisories/cve-2026-33375 reports: The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container...
PT-2026-28478
Name of the Vulnerable Software and Affected Versions: Grafana MSSQL data source plugin (affected versions not specified) Description: The Grafana MSSQL data source plugin has a logic flaw. A low-privileged user (Viewer) can bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory...
CVE-2024-49842
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions...
CVE-2025-0123
Summary: CVE-2025-0123 affects Palo Alto Networks PAN-OS. Unlicensed administrators can view clear-text data captured via the packet-capture feature in decrypted HTTP/2 data streams on the firewall; HTTP/1.1 streams are not impacted. Exploitation requires access to the management interface and su...
Security Bulletin: IBM i is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464].
Summary: IBM i is vulnerable to bypassing IBM Navigator for i interface restrictions and a server-side request forgery (SSRF) as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...
CVE-2024-51464
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...
PT-2024-15954 · WordPress · WordPress Access Control
Name of the Vulnerable Software and Affected Versions: WordPress Access Control plugin versions up to, and including, 4.0.13 Description: The WordPress Access Control plugin is vulnerable to Sensitive Information Exposure via the REST API. This allows unauthenticated attackers to bypass the...
bumsys security vulnerability
bumsys (Business Management System) is an open source project by the individual developer unilogies. A security vulnerability exists in unilogies bumsys versions prior to v2.0.2, which stems from an improper restriction in the UI layer or framework in which the software is rendered...
Apache APISIX security vulnerability
Apache APISIX is a cloud-native microservice API gateway from the Apache Foundation. The software is implemented on top of OpenResty and etcd, provides dynamic routing and plug-in hot loading, and is suited to API management in microservice systems. A remote code execution vulnerability...
PT-2018-17528 · Sangoma · Freepbx
Name of the Vulnerable Software and Affected Versions: FreePBX versions 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 Description: The issue allows post-authentication SQL injection via the order parameter. It is noted that the vendor disputes this issue, stating it is intentional for users ...