Grafana 2.x-6.x < 6.3.4 - Unauthenticated Denial of Service via HTTP API
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
Jira Server 7.6.0-8.3.9 - Server-Side Request Forgery via Gadgets MakeRequest Endpoint
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.