377 matches found
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2025-67806
The login mechanism of Sage DPW 202106004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behavior in newer versions...
CVE-2025-67806
The login mechanism of Sage DPW 202106004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behavior in newer versions...
CVE-2025-67807
The login mechanism of Sage DPW 202506004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2026-32619
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...
SUSE CVE-2026-27876
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...
CVE-2026-27880
A flaw was found in Grafana. A remote attacker can exploit the feature toggle evaluation endpoint by sending unbounded values, causing the system to read excessive data into memory. This can lead to out-of-memory crashes, resulting in a Denial of Service DoS for the affected service. Mitigation...
CVE-2026-33015
EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop StopTransaction, the EVSE can return to PrepareCharging via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass...
EUVD-2026-16598
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
CVE-2026-27880
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
CVE-2026-27876
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...
CVE-2026-27880
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
UBUNTU-CVE-2026-27880
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...
CVE-2026-27876 RCE on Grafana via sqlExpressions
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...
CVE-2026-27876
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...
CVE-2026-27876 RCE on Grafana via sqlExpressions
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...
CVE-2026-27876
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...
CVE-2026-27876
Grafana (OSS) is affected when the sqlExpressions feature toggle is enabled, enabling a chained attack against a Grafana Enterprise plugin that can lead to remote arbitrary code execution (RCE). Affected ranges and fixes are: 11.6.0–11.6.14 (fix in 11.6.14); 12.0.0–12.1.10 (fix in 12.1.10; 12.0 i...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the OpenFeature feature toggle evaluation endpoint. An attacker can cause the system to read excessive data into memory by sending unbounded values, potentially leading to...
CVE-2026-27880
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...