CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Positive Technologies•added 2026/01/15 12:0 a.m.•2 views

PT-2026-3008

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A flaw exists in Grafana’s datasource proxy API that permits bypassing authorization checks. This is achieved by including an additional slash character within the URL path. Users with limite...

5CVSS6AI score0.00027EPSS

Exploits0References8

Tenable Nessus•added 2025/07/15 12:0 a.m.•14 views

Grafana Labs < 10.4.17+security-01, 11.2.8+security-01, 11.3.5+security-01, 11.4.3+security-01, 11.5.3+security-01, 11.6.0+security-01 Improper Authorization (CVE-2025-3454)

The version of Grafana Labs installed on the remote host is affected by improper authorization vulnerability as referenced in the CVE-2025-3454 advisory. - This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL...

5CVSS6.2AI score0.00032EPSS

Exploits0References2

Tenable Nessus•added 2025/06/06 12:0 a.m.•9 views

Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...

8.3CVSS7.6AI score0.00008EPSS

Exploits0References2

OSV•added 2025/06/04 2:44 p.m.•3 views

BIT-GRAFANA-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS6.5AI score0.00032EPSS

Exploits0References2