Lucene search
K

118 matches found

OSV
OSV
added 2026/01/28 3:38 p.m.5 views

SUSE-SU-2026:0327-1 Security update for alloy

This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: - CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container...

8.4CVSS5.9AI score0.0067EPSS
Exploits4References7
Grafana
Grafana
added 2026/01/26 12:0 a.m.10 views

Grafana Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS6AI score0.01489EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.8 views

PT-2026-21013

Name of the Vulnerable Software and Affected Versions Loki affected versions not specified Description An issue in the log aggregation and storage system exists due to improper restriction of the directory path name. By using double encoding to bypass validation of the namespace parameter for pat...

8.2CVSS5.3AI score0.00409EPSS
Exploits0References93
Chainguard
Chainguard
added 2025/12/05 1:28 a.m.9 views

GHSA-7C64-F9JR-V9H2 vulnerabilities

Vulnerabilities for packages: image-factory-fips, spicedb-operator, knative-serving, rancher-system-upgrade-controller, crossplane-provider-kubernetes-fips, gitlab-cng, quic-go-fips, src-fingerprint, envoy-gateway-fips, pdfcpu, vertical-pod-autoscaler-fips, gobump, rancher-telemetry, nri-couchbas...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2025/12/05 1:28 a.m.12 views

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: image-factory-fips, spicedb-operator, knative-serving, rancher-system-upgrade-controller, crossplane-provider-kubernetes-fips, gitlab-cng, quic-go-fips, src-fingerprint, envoy-gateway-fips, pdfcpu, vertical-pod-autoscaler-fips, gobump, rancher-telemetry, nri-couchbas...

7.5CVSS7.2AI score0.00459EPSS
Exploits2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2005-1945

Malware in sbrugna...

7.5CVSS6.4AI score0.0113EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-2065

Malware in sbrugna...

5.3CVSS5.3AI score0.01489EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in @amber-team/create-loki-report (npm)

The package @amber-team/create-loki-report was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-7051 Malicious code in @amber-team/create-loki-report (npm)

The package @amber-team/create-loki-report was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/15 1:13 a.m.5 views

Malicious code in loki-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75940c2d0ed836d2725549e9704eaefe1d989aa5349c7b27fdf2556be16e32a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/07/15 1:13 a.m.2 views

MAL-2025-5935 Malicious code in loki-release (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 75940c2d0ed836d2725549e9704eaefe1d989aa5349c7b27fdf2556be16e32a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.61 views

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: nerdctl, src, aws-load-balancer-controller, aws-flb-kinesis, s5cmd, task, runc, kubernetes-dashboard-metrics-scraper, scorecard, crossplane, nri-discovery-kubernetes, secrets-store-csi-driver-provider-azure, dex, kind, helm-operator, prometheus-blackbox-exporter,...

5.9AI score
Exploits0
Securelist
Securelist
added 2024/09/09 7:0 a.m.15 views

Loki: a new private agent for the popular Mythic framework

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent's decrypted strings O...

7.3AI score
Exploits0
Wolfi
Wolfi
added 2024/06/11 5:16 p.m.112 views

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: trivy, goreleaser, flux-source-controller, datadog-agent, rook, cluster-autoscaler, falcoctl, flyte, kubescape, rekor, k8sgpt, ksops, py3-cassandra-medusa, cosign, bank-vaults, secrets-store-csi-driver-provider-azure, tekton-chains, guac, terragrunt, sqlpad,...

5.5CVSS6.5AI score0.00788EPSS
Exploits0
Chainguard
Chainguard
added 2024/06/05 4:15 p.m.22 views

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: kubevela, kyverno-policy-reporter, falcosidekick, mage, neuvector-scanner, src-fingerprint, gobump, cluster-proportional-autoscaler, grpcurl, nri-couchbase, hubble-ui-backend-fips, actions-runner-controller-fips, xcaddy, flannel-cni-plugin, nats-server, ollama,...

5.5CVSS6.8AI score0.00446EPSS
Exploits0
Chainguard
Chainguard
added 2024/02/01 8:51 p.m.24 views

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: kubevela, cadvisor-fips, skaffold, kpt, aactl, cadvisor, loki, flux-helm-controller, k3d, cert-manager-fips, kots, pulumi, cert-manager, scorecard, dagger, trivy, falcoctl, helm-fips, k9s, docker-machine-driver-harvester, eksctl, falcoctl-fips, falco, k8sgpt, kargo,...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2024/02/01 5:15 p.m.48 views

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: kubevela, cadvisor-fips, skaffold, kpt, aactl, cadvisor, loki, flux-helm-controller, k3d, cert-manager-fips, kots, pulumi, cert-manager, scorecard, dagger, trivy, falcoctl, helm-fips, k9s, docker-machine-driver-harvester, eksctl, falcoctl-fips, falco, k8sgpt, kargo,...

7.8CVSS6.8AI score0.00258EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/12/12 1:15 a.m.9 views

CVE-2023-36649

Insertion of sensitive information in the centralized Grafana logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Granafa authenticated user or from the Loki REST API without...

9.1CVSS7.4AI score0.00879EPSS
Exploits1References2
OSV
OSV
added 2023/12/12 1:15 a.m.5 views

CVE-2023-36649

Insertion of sensitive information in the centralized Grafana logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Granafa authenticated user or from the Loki REST API without...

9.1CVSS5.8AI score0.00879EPSS
Exploits1References1
NVD
NVD
added 2023/12/12 1:15 a.m.11 views

CVE-2023-36649

Insertion of sensitive information in the centralized Grafana logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Granafa authenticated user or from the Loki REST API without...

9.1CVSS0.00879EPSS
Exploits1References1
Rows per page
Query Builder