Lucene search
K

10 matches found

EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42109

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-28378

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS5.9AI score
Exploits0References2Affected Software2
CVE
CVE
added yesterday11 views

CVE-2026-28378

The CVE-2026-28378 entry describes a vulnerability in Grafana where the public dashboard deletion endpoint does not enforce organization isolation. An Org Admin in one organization can delete public dashboards belonging to another organization by supplying the target dashboard identifiers. Impact...

3.1CVSS5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53931

Name of the Vulnerable Software and Affected Versions CVAT versions prior to 2.69.0 Description An improper authorization issue exists in the QualityReportViewSet.get queryset function. Authenticated attackers can enumerate quality report identifiers from other organizations by exploiting a missi...

5.3CVSS6AI score0.00204EPSS
Exploits0References9
NVD
NVD
added 2026/04/15 8:16 p.m.2 views

CVE-2026-21727

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: " Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvssscore: "3.3" cvssvector:...

3.3CVSS0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 10:36 a.m.4 views

CVE-2024-4147 Insufficient Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

7.5CVSS5.5AI score0.00388EPSS
Exploits1References2
CVE
CVE
added 2026/01/15 1:10 p.m.12 views

CVE-2026-0713

The Red Hat/CIRCL/EUVD/PTSecurity entries confirm a security issue in Grafana’s API at /apis/dashboard.grafana.app/* affecting all API versions (v0alpha1, v1alpha1, v2alpha1). Root cause: authenticated users can bypass dashboard and folder permissions, allowing Viewer role to access all dashboard...

6.3AI score0.00037EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.6 views

PT-2026-2986

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A security issue exists in the /apis/dashboard.grafana.app/ API endpoints, allowing authenticated users to bypass dashboard and folder permissions. This affects all API versions v0alpha1,...

8.3CVSS6.1AI score0.00037EPSS
Exploits0References11
NVD
NVD
added 2025/06/02 10:15 a.m.12 views

CVE-2025-3260

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

8.3CVSS0.00484EPSS
Exploits0References1
OSV
OSV
added 2025/06/02 10:15 a.m.2 views

UBUNTU-CVE-2025-3260

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

8.3CVSS5.8AI score0.00484EPSS
Exploits0References2
Rows per page
Query Builder