377 matches found
CVE-2026-33380
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-33380
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
UBUNTU-CVE-2026-33380
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-33380
CVE-2026-33380 describes a vulnerability in Grafana’s SQL Expressions feature. An authenticated attacker can read arbitrary files from the Grafana server’s filesystem when the sqlExpressions feature toggle is enabled. The issue affects requests that reach the SQL Expressions component and leverag...
CVE-2026-33380 SQL Expressions Read File From Disk
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-33380 SQL Expressions Read File From Disk
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-33380
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
PT-2026-40793
Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A flaw in SQL Expressions enables an authenticated attacker to read arbitrary files from the server's filesystem. This issue only affects instances where the sqlExpressions feature toggle is...
SQL Expressions Read File From Disk
A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server’s filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...
CVE-2026-42202
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
EUVD-2022-55976
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page...
CVE-2026-42202
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
CVE-2026-42202 nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
CVE-2026-42202
In detail, CVE-2026-42202 affects the laravel package almirhodzic/nova-toggle-5 (Nova toggle feature). Before 1.3.0, the toggle endpoint POST /nova-vendor/nova-toggle/toggle/{resource}/{resourceId} was protected only by web + auth:, allowing any authenticated user on the configured guard—even non...
CVE-2026-42202
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
CVE-2026-42202 nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
EUVD-2026-28835
nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...
Laravel Nova 5 Toggle Field 授权问题漏洞
Laravel Nova 5 Toggle Field is a tool developed by Almir Hodzic for quickly toggling boolean values in Laravel Nova 5. Versions of Laravel Nova 5 Toggle Field prior to 1.3.0 had an authorization vulnerability. This vulnerability stemmed from the fact that the endpoint was only protected by web an...
@0xchain/empty (>=0.0.1 <=1.1.0-beta.4), @0xchain/expandable-text (>=0.0.1 <=1.1.0-beta.18) +107 more potentially affected by unknown CVE via icu-minify (=4.11.1)
icu-minify NPM version =4.11.1 is affected by a known vulnerability. The following packages have a transitive dependency on icu-minify and may be impacted: - @0xchain/empty =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.1.0, =0.1.1, =2.2.0, =2.5...
CVE-2026-42236
Summary: CVE-2026-42236 affects n8n, an open source workflow automation platform. The issue is in the MCP OAuth client registration endpoint, which accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could perform a denia...