BIT-GRAFANA-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

EUVD-2025-209475

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

CVE-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

CVE-2025-12141

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

CVE-2025-12141

CVE-2025-12141 affects Grafana Alerting: users with edit permissions on a contact point (alert.notifications:write or alert.notifications.receivers:test) granted via the fixed role Contact Point Writer within the Editor role can modify destinations of contact points created by others. An attacker...

CVE-2021-31987

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients...

CVE-2021-31988

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed CRLF control characters and include arbitrary SMTP headers in the generated test email...

Information Leakage in Grafana Alerting

In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...

EUVD-2008-3038

Malware in sbrugna...

EUVD-2021-18859

Malware in sbrugna...

Improper access control

A vulnerability in Mitel 6900 Series IP MiNet phones excluding 6970, versions 1.8 1.8.0.12 and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploi...

Design/Logic Flaw

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients...

CVE-2008-3048

Unspecified vulnerability in the PDF Generator 2 pdfgenerator2 extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test functionality."...

CVE-2008-3048

Unspecified vulnerability in the PDF Generator 2 pdfgenerator2 extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test functionality."...

CVE-2008-3048

CVE-2008-3048 concerns the PDF Generator 2 (pdf_generator2) extension for TYPO3 (versions 0.5.0 and earlier). The vulnerability is described as unspecified with unknown impact and attack vectors, related to an "Unprotected test functionality." The connected documents provide the affected product ...