20 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-2088

Malware in sbrugna...

CVSS 5.3 · AI score 4.8 · EPSS 0.00255
Exploits: 0 · References: 8
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-2065

Malware in sbrugna...

CVSS 5.3 · AI score 5.3 · EPSS 0.00254
Exploits: 0 · References: 8
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-33102

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.00466
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/22 10:42 p.m. · 6 views

CVE-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

CVSS 9.8 · AI score 7.1 · EPSS 0.00466
Exploits: 0 · References: 1
OSV
added 2025/01/16 6:15 p.m. · 0 views

CVE-2024-57773

A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 4.8 · AI score 5.9
Exploits: 0 · References: 1
CNVD
added 2024/06/13 12:0 a.m. · 0 views

Lunary Cross-Site Scripting Vulnerability

Lunary is an open source production toolkit for LLMs. Lunary has a cross-site scripting vulnerability that stems from the failure to escape or validate the user-supplied orgId parameter; an attacker can use the vulnerability to steal user cookies or authentication tokens...

CVSS 7.4 · AI score 6.6 · EPSS 0.00386
Exploits: 1 · References: 1
CNNVD
added 2024/06/06 12:0 a.m. · 1 views

Lunary Cross-Site Scripting Vulnerability

Lunary is an open source production toolkit for LLMs. Lunary has a cross-site scripting vulnerability that stems from the failure to escape or validate the user-supplied orgId parameter; an attacker can use the vulnerability to steal user cookies or authentication tokens...

CVSS 7.4 · AI score 6.5 · EPSS 0.00386
Exploits: 1 · References: 2
SUSE CVE
added 2023/02/15 3:39 a.m. · 1 views

SUSE CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

CVSS 5.3 · AI score 5.3 · EPSS 0.00254
Exploits: 0 · References: 3
ATTACKERKB
added 2022/05/20 3:15 p.m. · 1 views

CVE-2022-28660

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode...

CVSS 9.8 · AI score 7.2 · EPSS 0.00466
Exploits: 0 · References: 3
Positive Technologies
added 2022/05/20 12:0 a.m. · 3 views

PT-2022-19149 · Grafana · Grafana Enterprise Logs +1

Name of the Vulnerable Software and Affected Versions: Grafana Enterprise Logs versions 1.1.x through 1.3.x
Description: The querier component does not require authentication when X-Scope-OrgID is used, affecting -auth.type=enterprise in microservices mode.
Recommendations: For versions 1.1.x...

CVSS 9.8 · AI score 9.4 · EPSS 0.00466
Exploits: 0 · References: 9
NVD
added 2021/08/03 3:15 p.m. · 19 views

CVE-2021-36157

An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that...

CVSS 5.3 · EPSS 0.00255
Exploits: 0 · References: 2
NVD
added 2021/08/03 3:15 p.m. · 11 views

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

CVSS 5.3 · EPSS 0.00254
Exploits: 0 · References: 2
Prion
added 2021/08/03 3:15 p.m. · 12 views

Directory traversal

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

CVSS 5 · AI score 5.2 · EPSS 0.00254
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2021/08/03 2:12 p.m. · 14 views

CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

AI score 5.5 · EPSS 0.00254
Exploits: 0 · References: 2
Cvelist
added 2021/08/03 2:3 p.m. · 24 views

CVE-2021-36157

An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that...

AI score 5.4 · EPSS 0.00255
Exploits: 0 · References: 2
CNNVD
added 2021/08/03 12:0 a.m. · 2 views

Grafana Path Traversal Vulnerability

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana Loki 2.2.1 and earlier versions, which stem...

CVSS 5.3 · AI score 5.6 · EPSS 0.00254
Exploits: 0 · References: 4
Hacker One
added 2020/03/03 9:3 p.m. · 104 views

Visma Public: [IDOR]Ability to edit Description of api_key's of other users.

The researcher was able to change the description associated with API-keys for other users on the /api/orgID/apiKey endpoint by modifying the id of the API-key in the request...

AI score 2.9
Exploits: 0
CNVD
added 2018/06/01 12:0 a.m. · 2 views

Quest KACE System Management Appliance SQL Injection Vulnerability (CNVD-2018-15268)

Quest KACE System Management Appliance is an IT asset management appliance from Quest Software, USA. A SQL injection vulnerability exists in the '/common/downloadagentinstaller.php' script in version 8.0.318 of the Quest KACE System Management Appliance, which originates from the program failing ...

CVSS 9.8 · AI score 9.9 · EPSS 0.00311
Exploits: 3 · References: 1
OSV
added 2018/05/31 6:29 p.m. · 1 views

CVE-2018-11136

The 'orgID' parameter received by the '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection; in particular, a blind time-based type...

CVSS 9.8 · AI score 5.8 · EPSS 0.00311
Exploits: 3 · References: 1
Packet Storm
added 2012/03/16 12:0 a.m. · 21 views

ProvideChat Cross Site Scripting

Exploit Title: ProvideChat Cross Site Scripting; Date: 15.03.2012; Author: Sony; Software Link: http://providechat.com; Google Dorks: inurl:/chat/unavailable.php?orgId= or intext:powered by providechat; Web Browser: Mozilla Firefox; Site: http://insecurity.ro; PoC:...

AI score 7.4
Exploits: 0