security/vuxml: Add www/grafana vulnerabilities
- XSS in Grafana Explore stack trace (CVE-2025-41117)
- Public Dashboards time range restriction on annotations can be bypassed (CVE-2026-21722)
- RCE on Grafana via sqlExpressions (CVE-2026-27876)
- Public dashboards discloses all direct mode datasources (CVE-2026-27877)
- Query resampling can cause unbounded memory allocations (CVE-2026-27879)
- OpenFeature evaluation API reads input data with no bounds (CVE-2026-27880)
- Grafana Testdata datasource can issue unbounded memory allocations (CVE-2026-28375)
- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS (CVE-2026-33375)
PR: 294105
Reported by: Boris Korzun <drtr0jan@yandex.ru>