1110 matches found
CVE-2026-14604
Technical details about CVE-2026-14604 are not publicly available in the provided documents. Monitor for updates from official sources.
Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...
CVE-2026-50162 vulnerabilities
Vulnerabilities for packages: k9s-fips, rancher-fleet-fips, helm-mapkubeapis, redpanda-operator, kube-arangodb-fips, kyverno-notation-aws-fips, gitlab-operator-fips, falcoctl-fips, opentofu-fips, cert-manager-cmctl, kgateway, cluster-api-helm-controller-fips, kyverno-fips, chaos-mesh, xeol,...
CVE-2026-48978 vulnerabilities
Vulnerabilities for packages: k9s-fips, rancher-fleet-fips, helm-mapkubeapis, redpanda-operator, kube-arangodb-fips, kyverno-notation-aws-fips, gitlab-operator-fips, falcoctl-fips, opentofu-fips, cert-manager-cmctl, kgateway, cluster-api-helm-controller-fips, kyverno-fips, chaos-mesh, xeol,...
GHSA-8XWF-RJM4-XVHV vulnerabilities
Vulnerabilities for packages: k9s-fips, rancher-fleet-fips, helm-mapkubeapis, redpanda-operator, kube-arangodb-fips, kyverno-notation-aws-fips, gitlab-operator-fips, falcoctl-fips, opentofu-fips, cert-manager-cmctl, kgateway, cluster-api-helm-controller-fips, kyverno-fips, chaos-mesh, xeol,...
GHSA-VH4V-2XQ2-G5CG vulnerabilities
Vulnerabilities for packages: k9s-fips, rancher-fleet-fips, helm-mapkubeapis, redpanda-operator, kube-arangodb-fips, kyverno-notation-aws-fips, gitlab-operator-fips, falcoctl-fips, opentofu-fips, cert-manager-cmctl, kgateway, cluster-api-helm-controller-fips, kyverno-fips, chaos-mesh, xeol,...
GHSA-XF85-363P-868W vulnerabilities
Vulnerabilities for packages: k9s-fips, rancher-fleet-fips, helm-mapkubeapis, redpanda-operator, kube-arangodb-fips, kyverno-notation-aws-fips, gitlab-operator-fips, falcoctl-fips, opentofu-fips, cert-manager-cmctl, kgateway, cluster-api-helm-controller-fips, kyverno-fips, chaos-mesh, xeol,...
GHSA-JXPM-75MH-9FP7 vulnerabilities
Vulnerabilities for packages: k9s-fips, rancher-fleet-fips, helm-mapkubeapis, redpanda-operator, kube-arangodb-fips, kyverno-notation-aws-fips, gitlab-operator-fips, falcoctl-fips, opentofu-fips, cert-manager-cmctl, kgateway, cluster-api-helm-controller-fips, kyverno-fips, chaos-mesh, xeol,...
[SECURITY] Fedora 43 Update: prometheus-podman-exporter-1.21.1-1.fc43
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
[SECURITY] Fedora 44 Update: prometheus-podman-exporter-1.21.1-1.fc44
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
Fedora 44 : prometheus-podman-exporter (2026-3c6643b33a)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3c6643b33a advisory. release 1.21.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 43 : prometheus-podman-exporter (2026-460749ef95)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-460749ef95 advisory. release 1.21.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: gitea-fips, k9s-fips, gitlab-runner, packer-fips, grype-db, clickhouse-backup-fips, crossplane-provider-aws-eks-fips, crossplane-provider-aws-autoscaling-fips, flux-source-controller, prometheus-podman-exporter-fips, datadog-agent-fips, helmfile, agentbeat,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: gitea-fips, k9s-fips, gitlab-rails-ce, nemo, kube-arangodb-fips, zitadel, loki, coder, flux-source-controller, opentofu-fips, frankenphp-8.4, mattermost-fips, harbor, kaf, skaffold-fips, kubevela-fips, kyverno-fips, skaffold, prometheus-mongodb-exporter,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: gitea-fips, k9s-fips, gitlab-runner, packer-fips, grype-db, clickhouse-backup-fips, crossplane-provider-aws-eks-fips, crossplane-provider-aws-autoscaling-fips, flux-source-controller, prometheus-podman-exporter-fips, datadog-agent-fips, helmfile, agentbeat,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: chezmoi, gitea-fips, k9s-fips, gitlab-runner, gitlab-rails-ce, argo-events, terraform-fips, fulcio-fips, nemo, kube-arangodb-fips, packer-fips, buildah-fips, kyverno-notation-aws-fips, zitadel, crossplane-provider-family-azure, loki, atlantis, caddy-fips, consul,...
GO-2026-5106 CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE in github.com/cloudnative-pg/cloudnative-pg
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE in github.com/cloudnative-pg/cloudnative-pg...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: prometheus-podman-exporter, sriov-network-device-plugin, gpu-operator, podman-fips, nvidia-container-toolkit-fips, node-feature-discovery-fips, buildah, buildah-fips, cadvisor-fips, sriov-network-device-plugin-fips, prometheus-podman-exporter-fips, gpu-operator-fips,...
GHSA-4JVG-4JFX-FMHC opentelemetry-collector-contrib sentryexporter: Path traversal in Sentry exporter via attacker-controlled service.name reaches privileged Sentry API endpoints with operator bearer token
Summary The Sentry exporter constructs Sentry API URLs by interpolating the span's service.name resource attribute into the URL path without validation. Because service.name is controlled by remote OTLP senders and the operator-configured bearer token is attached to every request, a crafted servi...
PT-2026-50719
Name of the Vulnerable Software and Affected Versions opentelemetry-collector-contrib sentryexporter affected versions not specified Description The Sentry exporter fails to validate the service.name resource attribute when constructing Sentry API URLs. Because this attribute is controlled by...