Search

Search Results (364785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-39306 2 Grafana, Redhat 3 Grafana, Ceph Storage, Enterprise Linux 2026-01-28 6.4 Medium
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to sign up with whatever username/email address the user chooses and become a member of the organization. This introduces a vulnerability which can be used with malicious intent. This issue is patched in version 9.2.4, and has been backported to 8.5.15. There are no known workarounds.
CVE-2022-39307 2 Grafana, Redhat 3 Grafana, Ceph Storage, Enterprise Linux 2026-01-28 6.7 Medium
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.
CVE-2022-39324 2 Grafana, Redhat 3 Grafana, Ceph Storage, Enterprise Linux 2026-01-28 6.7 Medium
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.
CVE-2022-23498 2 Grafana, Redhat 2 Grafana, Ceph Storage 2026-01-28 7.1 High
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.
CVE-2026-24867 2026-01-28 N/A
Not used
CVE-2026-24866 2026-01-28 N/A
Not used
CVE-2026-24865 2026-01-28 N/A
Not used
CVE-2026-24864 2026-01-28 N/A
Not used
CVE-2026-24863 2026-01-28 N/A
Not used
CVE-2026-24862 2026-01-28 N/A
Not used
CVE-2026-24861 2026-01-28 N/A
Not used
CVE-2026-24860 2026-01-28 N/A
Not used
CVE-2026-24859 2026-01-28 N/A
Not used
CVE-2025-43860 2 Open-emr, Openemr 2 Openemr, Openemr 2026-01-27 7.6 High
OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue.
CVE-2024-1545 3 Linux, Microsoft, Wolfssl 4 Linux Kernel, Windows, Wolfcrypt and 1 more 2026-01-27 5.9 Medium
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
CVE-2024-1544 1 Wolfssl 1 Wolfssl 2026-01-27 4.1 Medium
Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having e.g. a size of 8 byte) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits.
CVE-2025-47334 1 Qualcomm 293 Csra6620, Csra6620 Firmware, Csra6640 and 290 more 2026-01-27 6.7 Medium
Memory corruption while processing shared command buffer packet between camera userspace and kernel.
CVE-2025-47335 1 Qualcomm 91 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 88 more 2026-01-27 6.7 Medium
Memory corruption while parsing clock configuration data for a specific hardware type.
CVE-2025-47336 1 Qualcomm 37 Fastconnect 7800, Fastconnect 7800 Firmware, Qmp1000 and 34 more 2026-01-27 6.7 Medium
Memory corruption while performing sensor register read operations.
CVE-2025-47337 1 Qualcomm 129 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 126 more 2026-01-27 6.7 Medium
Memory corruption while accessing a synchronization object during concurrent operations.