418 matches found

Snyk
added 4 days ago, 3 views

Missing Authorization

Overview: @vitest/ui is a UI for Vitest. Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connecting to an exposed...

CVSS 9.2, AI score 6
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/22 12:00 a.m., 8 views

Grafana Labs < 11.6.14+security-04 / 12.2.0 < 12.2.8+security-04 / 12.3.0 < 12.3.6+security-04 / 12.4.0 < 12.4.3+security-02 / 13.0.0 < 13.0.1+security-01 Multiple Vulnerabilities

The version of Grafana Labs installed on the remote host is affected by multiple vulnerabilities, including: - A broken access control flaw in the Snapshot API allows any Editor to delete dashboard snapshots, even those they have no read or write access to. CVE-2026-28380 - When using an IPv6...

CVSS 7.4, AI score 5.9, EPSS 0.00019
Exploits: 0, References: 20

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in libvirt

A flaw was discovered in libvirt. External inactive snapshots of shut-down virtual machines are created as being accessible to everyone on the network, allowing unprivileged users to inspect the contents of the guest operating systems. This leads to an information disclosure vulnerability...

CVSS 5.5, AI score 7.1, EPSS 0.00033
Exploits: 0, References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 7 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit. bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut. It should be freed by kvfree, not kfree. Otherwise, umount will trigger the following errors: 406.829178 BUG:...

CVSS 5.5, AI score 6, EPSS 0.00064
Exploits: 0, References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: devlink: The region lock is held during the flushing of snapshots. When Netdevsim is reloaded, it destroys regions with pending snapshots. WARNING: CPU: 1 PID: 787 at net/core/devlink.c:6291 devlink_region_snapshot_del+0x12e/0x140...

AI score 5.8, EPSS 0.00024
Exploits: 0, References: 1

OSV
added 2026/05/15 8:42 a.m., 1 view

BIT-GRAFANA-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

Any Editor could delete any snapshot, even if they have no access to read or write them...

CVSS 6.5, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 2

Cvelist
added 2026/05/13 7:28 p.m., 26 views

CVE-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

Any Editor could delete any snapshot, even if they have no access to read or write them...

CVSS 6.5, EPSS 0.00013
Exploits: 0, References: 1

CVE
added 2026/05/13 7:28 p.m., 16 views

CVE-2026-28380

The CVE-2026-28380 entry describes a broken access control flaw in the Snapshot API that lets any Editor delete any dashboard snapshot, even without read/write permissions. The affected component is the Snapshot API used for managing dashboard snapshots; the underlying cause is insufficient authoriza...

CVSS 6.5, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1, Affected Software: 1

Grafana
added 2026/05/13 12:00 a.m., 7 views

BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

Any Editor could delete any snapshot, even if they have no access to read or write them...

CVSS 6.5, AI score 5.8, EPSS 0.00013
Exploits: 0

EUVD
added 2026/05/11 6:31 p.m., 4 views

EUVD-2026-29104

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVSS 7.5, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 3

NVD
added 2026/05/11 5:16 p.m., 5 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVSS 7.5, EPSS 0.00056
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/11 4:03 p.m., 2 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVSS 7.5, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 3

Cvelist
added 2026/05/11 4:03 p.m., 24 views

CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVSS 7.5, EPSS 0.00056
Exploits: 0, References: 2

Vulnrichment
added 2026/05/11 4:03 p.m., 4 views

CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVSS 7.5, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 2

Positive Technologies
added 2026/05/11 12:00 a.m., 4 views

PT-2026-39642

In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVSS 7.5, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 3

CNNVD
added 2026/05/11 12:00 a.m., 3 views

Meari Alibaba OSS security vulnerability

Meari Alibaba OSS is an IoT cloud data storage solution developed by Meari Company, which integrates object storage services. There is a security vulnerability in Meari Alibaba OSS. This vulnerability arises from the lack of authentication, signed URLs, and expiration controls in Meari IoT Cloud...

CVSS 7.5, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 1

RedhatCVE
added 2026/05/08 8:34 p.m., 7 views

CVE-2026-43361

A flaw was found in the Linux kernel's Btrfs filesystem. A malicious user can exploit this by repeatedly creating snapshots of a previously received subvolume. This action can lead to an item overflow, causing a transaction abort and forcing the filesystem into a read-only state. This results in ...

CVSS 5.5, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 4

SUSE CVE
added 2026/05/08 2:22 a.m., 5 views

SUSE CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

CVSS 7.1, AI score 5.8, EPSS 0.00054
Exploits: 0, References: 3

OSV
added 2026/05/07 5:31 a.m., 2 views

GHSA-98H9-4798-4Q5V Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components

Impact: A trust_remote_code bypass in DiffusionPipeline.from_pretrained allows arbitrary remote code execution despite the user passing trust_remote_code=False or omitting it, which is the default. The vulnerability has three variants, all sharing the same root cause — the trust_remote_code gate was...

CVSS 8.8, AI score 6.6, EPSS 0.00041
Exploits: 1, References: 7

NVD
added 2026/05/06 9:16 p.m., 2 views

CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

CVSS 7.1, EPSS 0.00054
Exploits: 0, References: 1