Lucene search
K

2054 matches found

Cvelist
Cvelist
added 2026/06/26 12:4 a.m.38 views

CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

3.8CVSS0.00094EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 12:4 a.m.7 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

3.8CVSS5.8AI score0.00094EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52966

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-beta.8 Description RustFS is a distributed object storage system built in Rust. The real-time metrics endpoint '/rustfs/admin/v3/metrics' is accessible to any valid IAM user, regardless of their assigned policy...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5662 Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus

Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...

6.1CVSS5.8AI score0.0024EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5106 CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE in github.com/cloudnative-pg/cloudnative-pg

CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE in github.com/cloudnative-pg/cloudnative-pg...

9.9CVSS5.8AI score0.0048EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 11:4 p.m.9 views

MAL-2026-6432 Malicious code in rstreams-metrics (npm)

The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.2AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: Use dstdevnetrcu instead. Replace the three dstdev calls with a helper function enabled for lockdep...

6AI score0.00181EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fixed a potential UAF in xeoaaddconfigioctl In xeoaaddconfigioctl, we accessed oaconfig-id after dropping metricslock. Since this lock protects the lifetime of oaconfig, an attacker could guess the id and call...

7.8CVSS5.8AI score0.00115EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 1:16 p.m.14 views

CVE-2026-56371

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

6.9CVSS0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.43 views

CVE-2026-56371 ImageMagick - Memory Leak in TXT File Processing via Texture Attribute

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

6.9CVSS0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/23 12:13 p.m.4 views

CVE-2026-56371 ImageMagick - Memory Leak in TXT File Processing via Texture Attribute

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:13 p.m.16 views

CVE-2026-56371

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected by a memory leak in the txt coder when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released if GetTypeMetrics fails, leaking memory per crafted TXT file and enabling potential DoS...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51512

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A memory leak exists in coders/txt.c during the processing of TXT files containing texture attributes. The issue occurs because the texture object...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References86
RedHat Linux
RedHat Linux
added 2026/06/22 3:31 p.m.7 views

Important: Red Hat Security Advisory: Cost Management Metrics Operator Update

Cost Management Metrics Operator version 4.4.1 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift. The operator runs on the latest supported versions of Openshift. This operator obtains OpenShift usage data by querying Prometheus every...

7.5CVSS6.1AI score0.0116EPSS
Exploits4References10
NVD
NVD
added 2026/06/22 12:16 p.m.15 views

CVE-2026-11373

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...

9.1CVSS0.00352EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/22 11:28 a.m.30 views

CVE-2026-11373 Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...

0.00352EPSS
Exploits0References6
NVD
NVD
added 2026/06/20 4:17 p.m.19 views

CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.28 views

CVE-2026-56235 Capgo - Unauthenticated Cross-Tenant Metrics Disclosure via RPC Functions

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS0.00274EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.6 views

CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/06/20 3:24 p.m.18 views

CVE-2026-56235

Cap-go capgo prior to 12.128.2 exposes an authorization bypass in multiple Supabase PostgREST RPC functions (get_app_metrics, get_global_metrics, get_total_metrics) granted to anon without org membership or permission checks. An unauthenticated attacker with only the public Supabase API key (sb_p...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References2
Rows per page
Query Builder