Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

grafana

14 Products 54 CVEs

CVE Severity Distribution (All Time)

Critical
4
High
18
Medium
29
Low
1

Timeline Overview

Last 30 Days 0 CVEs
Last 6 Months 0 CVEs
Last Year 6 CVEs

Products

View all

grafana

72 Versions 43 CVEs

Grafana Enterprise

17 Versions 11 CVEs

grafana_enterprise

8 Versions 2 CVEs

oncall

1 Version 1 CVE

alloy

3 Versions 1 CVE

Recent CVEs

View all
CVE-2024-10452 LOW 8 months ago

Organization admins can delete pending invites created in an organization they are not part of.

CVE-2024-9264 UNKNOWN 8 months, 2 weeks ago

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficie…

CVE-2024-8118 UNKNOWN 9 months, 1 week ago

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to…

CVE-2024-8996 HIGH 9 months, 1 week ago

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issu…

CVE-2024-8975 HIGH 9 months, 1 week ago

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Al…

CVE-2024-6322 MEDIUM 10 months, 2 weeks ago

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is grante…