Vulnerabilidades em grafana
102 resultadosCVE-2026-10601MEDIUMPath Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint AccessEPSS 0.3%CVE-2024-8975HIGHGrafana Alloy on Windows Unquoted service pathEPSS 0.3%CVE-2026-9029HIGHStored XSS via Geomap Panel Template Variable Attribution InjectionEPSS 0.3%CVE-2025-8341MEDIUMSSRF in Infinity Datasource PluginEPSS 0.3%CVE-2026-33376HIGHAuth Proxy IPv6 whitelist bypassEPSS 0.3%CVE-2024-8996HIGHGrafana Agent Flow on Windows Unquoted service pathEPSS 0.3%CVE-2026-28379MEDIUMViewer-triggered race condition in Grafana Live leads to complete server crashEPSS 0.3%CVE-2026-33380MEDIUMSQL Expressions Read File From DiskEPSS 0.3%CVE-2025-41117MEDIUMXSS in Grafana Explore stack traceEPSS 0.3%CVE-2025-12141LOWGrafana Alerting Editors can edit destination of webhooks they did not createEPSS 0.3%CVE-2022-31123MEDIUMGrafana plugin signature bypass vulnerabilityEPSS 0.2%CVE-2026-33381MEDIUMUsers can generate Service Account tokens after permissions removalEPSS 0.2%CVE-2026-21724MEDIUMMissing Protected-field Authorization in Provisioning Contact Points APIEPSS 0.2%CVE-2026-27878MEDIUMTempo TraceQL query with exemplar hint could result in unbounded memory usageEPSS 0.2%CVE-2026-28380MEDIUMBAC in Snapshot API allows deletion of unauthorized dashboard snapshotsEPSS 0.2%CVE-2026-33377HIGHDashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard AdminEPSS 0.2%CVE-2026-28381CRITICALLocal File Read/Write to Potential Privilege Escalation via Snowflake GET/PUTEPSS 0.2%CVE-2026-21727LOWGrafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 RecordEPSS 0.2%CVE-2026-28374MEDIUMIDOR in Annotations API allows unprivileged users to DELETE annotationEPSS 0.2%CVE-2026-27877MEDIUMPublic dashboards discloses all direct mode datasourcesEPSS 0.2%