Overview

  • grafana

Published: 03 Feb 2023
Updated: 28 Jan 2026

CVSS v3.1: HIGH (7.1)
EPSS: 0.08%

KEV

Description

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

VDE-2026-049
Balluff GmbH: Multiple Vulnerabilities Affecting BNI EGW-720-007-K095 and BAV MA-NC-00025-01

Security advisory for Balluff BNI EGW-720-007-K095 and BAV MA-NC-00025-01 firmware versions prior to 2.4.1. This advisory covers multiple vulnerabilities affecting software components used by the device firmware.
CVE-2025-68121, CVE-2026-1229, CVE-2025-41115, CVE-2025-15467, CVE-2023-3128, CVE-2022-28660, CVE-2022-26148, CVE-2018-15727, CVE-2020-27846, CVE-2024-9264, CVE-2024-1442, CVE-2022-28391, CVE-2022-24812, CVE-2022-23498, CVE-2022-21703, CVE-2022-31097, CVE-2025-61732, CVE-2025-4674, CVE-2022-29170, CVE-2024-56406

certvde.com/en/advisories/vde-

balluff.csaf-tp.certvde.com/.w

Overview

  • Pending

Published: 20 May 2022
Updated: 03 Aug 2024

CVSS: Pending
EPSS: 0.22%

KEV

Description

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode.

Statistics

  • 1 Post

Last activity: 18 hours ago

Overview

  • crewjam/saml

Published: 21 Dec 2020
Updated: 04 Aug 2024

CVSS: Pending
EPSS: 1.25%

KEV

Description

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Statistics

  • 1 Post

Last activity: 18 hours ago

Overview

  • Pending

Published: 21 Mar 2022
Updated: 03 Aug 2024

CVSS: Pending
EPSS: 15.73%

KEV

Description

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.

Statistics

  • 1 Post

Last activity: 18 hours ago

Overview

  • Grafana
  • Grafana Enterprise

Published: 21 Nov 2025
Updated: 22 Jun 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 17.29%

KEV

Description

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow internal user IDs to be overridden and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met:

  • `enableSCIM` feature flag set to true
  • `user_sync_enabled` config option in the `[auth.scim]` block set to true

Statistics

  • 1 Post

Last activity: 18 hours ago

Overview

  • Go toolchain
  • cmd/cgo

Published: 05 Feb 2026
Updated: 30 Jun 2026

CVSS: Pending
EPSS: 0.47%

KEV

Description

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Statistics

  • 1 Post

Last activity: 18 hours ago
