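Browse 89+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity level, and CWE.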
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-21728 | Tempo query limit results in unbounded memory allocation | Grafana | Tempo | High | 7.5 | 2026-04-24 08:00:47 | Deep Dive |
| CVE-2026-21726 | Loki Path Traversal - CVE-2021-36156 Bypass | Grafana | Loki | Medium | 5.3 | 2026-04-15 19:24:31 | Deep Dive |
| CVE-2025-41118 | Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection | Grafana | Pyroscope | Critical | 9.1 | 2026-04-15 19:15:18 | Deep Dive |
| CVE-2026-21727 | Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record | Grafana | Grafana Correlations | Low | 3.3 | 2026-04-15 18:57:25 | Deep Dive |
| CVE-2025-12141 | Grafana Alerting Editors can edit destination of webhooks they did not create | Grafana | Grafana Alerting | Medium | - | 2026-04-15 14:59:41 | Deep Dive |
| CVE-2026-27879 | Query resampling can cause unbounded memory allocations | Grafana | Grafana | Medium | 6.5 | 2026-03-27 14:28:56 | Deep Dive |
| CVE-2026-28375 | Grafana Testdata datasource can issue unbounded memory allocations | Grafana | Grafana | Medium | 6.5 | 2026-03-27 14:26:19 | Deep Dive |
| CVE-2026-27876 | RCE on Grafana via sqlExpressions | Grafana | Grafana | Critical | 9.1 | 2026-03-27 14:24:37 | Deep Dive |
| CVE-2026-27880 | OpenFeature evaluation API reads input data with no bounds | Grafana | Grafana | High | 7.5 | 2026-03-27 14:12:20 | Deep Dive |
| CVE-2026-27877 | Public dashboards discloses all direct mode datasources | Grafana | Grafana | Medium | 6.5 | 2026-03-27 14:02:12 | Deep Dive |
| CVE-2026-28377 | S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern) | Grafana | Tempo | High | 7.5 | 2026-03-26 21:39:47 | Deep Dive |
| CVE-2026-21724 | Missing Protected-field Authorization in Provisioning Contact Points API | Grafana | Grafana OSS | Medium | 5.4 | 2026-03-26 20:06:19 | Deep Dive |
| CVE-2026-33375 | Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS | Grafana | Grafana OSS | Medium | 6.5 | 2026-03-26 20:05:53 | Deep Dive |
| CVE-2026-21725 | Authorization Bypass via TOCTOU in Grafana Datasource Deletion by Name | Grafana | Grafana | Low | 2.6 | 2026-02-25 12:35:43 | Deep Dive |
| CVE-2025-41117 | XSS in Grafana Explore stack trace | Grafana | grafana/grafana | Medium | 6.8 | 2026-02-12 08:49:09 | Deep Dive |
| CVE-2026-21722 | Public Dashboards time range restriction on annotations can be bypassed | Grafana | grafana/grafana | Medium | 5.3 | 2026-02-12 08:49:06 | Deep Dive |
| CVE-2026-21721 | Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation | Grafana | grafana/grafana | High | 8.1 | 2026-01-27 09:07:55 | Deep Dive |
| CVE-2026-21720 | Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out | Grafana | grafana/grafana-enterprise | High | 7.5 | 2026-01-27 09:07:05 | Deep Dive |
| CVE-2025-41115 | Incorrect privilege assignment | Grafana | Grafana Enterprise | Critical | 10.0 | 2025-11-21 14:25:39 | Deep Dive |
| CVE-2025-41116 | Incorrect oauth passthrough in Grafana Databricks Datasource | Grafana Labs | Grafana Databricks Datasource Plugin | Medium | - | 2025-11-11 20:18:08 | Deep Dive |