Lucene search

14 matches found

Vulnrichment
added 2026/06/01 9:2 p.m. · 8 views

CVE-2026-40964

Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...

CVSS 7.5 · AI score 5.8 · EPSS 0.00069
Exploits 0 · References 1
Positive Technologies
added 2026/05/13 12:0 a.m. · 5 views

PT-2026-40775

Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...

CVSS 5.3 · AI score 5.8 · EPSS 0.00014
Exploits 0 · References 2
CNNVD
added 2026/04/20 12:0 a.m. · 5 views

NetApp StorageGRID Security Vulnerability

NetApp StorageGRID is an object storage solution developed by the American network equipment company NetApp. Versions of NetApp StorageGRID prior to 11.9.0.13 and 12.0.0.6 contained security vulnerabilities. These vulnerabilities were due to information leakage issues, which could allow authorized...

CVSS 2.3 · AI score 6.1 · EPSS 0.00054
Exploits 0 · References 1
RedhatCVE
added 2026/01/09 9:21 a.m. · 7 views

CVE-2021-41090

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

CVSS 7.5 · AI score 7 · EPSS 0.0078
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-3122

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.4 · EPSS 0.00376
Exploits 0 · References 3
OSV
added 2024/04/03 5:15 p.m. · 2 views

CVE-2024-20283

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries t...

CVSS 4.3 · AI score 5.8 · EPSS 0.00224
Exploits 0 · References 1
Positive Technologies
added 2024/04/03 12:0 a.m. · 1 views

PT-2024-24059 · Red Hat · Openshift Virtualization

Name of the Vulnerable Software and Affected Versions: OpenShift Virtualization (affected versions not specified). Description: An information disclosure flaw was found in OpenShift Virtualization, related to the DownwardMetrics feature, which exposes host metrics to virtual machine guests and is...

CVSS 4.3 · AI score 6.7 · EPSS 0.00142
Exploits 0 · References 4
CNNVD
added 2024/01/22 12:0 a.m. · 3 views

Splunk Security Breach

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructure: physical, virtual machines, and cloud. A...

CVSS 4.6 · AI score 6.6 · EPSS 0.00155
Exploits 0 · References 3
Positive Technologies
added 2023/11/24 12:0 a.m. · 2 views

PT-2023-30962

Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.0.0 through 3.0.1. Description: The issue concerns the exposure of sensitive information to unauthorized actors, potentially including database credentials. This exposure can occur in Apache DolphinScheduler,...

CVSS 7.5 · AI score 7.5 · EPSS 0.00353
Exploits 0 · References 15
OSV
added 2022/08/10 8:15 p.m. · 3 views

CVE-2022-23238

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email...

CVSS 6.5 · AI score 5.8 · EPSS 0.00603
Exploits 0 · References 1
Github Security Blog
added 2022/04/19 12:0 a.m. · 29 views

Metrics exposure in Wildfly

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to exposure of metrics data...

CVSS 4.3 · AI score 5 · EPSS 0.00324
Exploits 0 · References 7 · Affected Software 1
CNNVD
added 2022/04/18 12:0 a.m. · 3 views

Red Hat Wildfly Security Vulnerability

Wildfly is a powerful, modular and lightweight application server from Wildfly. Wildfly has a security vulnerability that stems from an insufficient RBAC restriction that could lead to the exposure of metrics data...

CVSS 4.3 · AI score 5.1 · EPSS 0.00324
Exploits 0 · References 8
Positive Technologies
added 2022/03/31 12:0 a.m. · 2 views

PT-2022-16885 · Pomerium · Pomerium

Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to v0.17.1. Description: Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak...

CVSS 9.1 · AI score 7.1 · EPSS 0.0047
Exploits 0 · References 10
Cvelist
added 2019/11/05 11:40 a.m. · 20 views

CVE-2019-10223

A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...

CVSS 5.3 · AI score 6.3 · EPSS 0.01071
Exploits 1 · References 4