1423 matches found

Malwarebytes
added 2021/08/09 11:10 a.m., 49 views

A week in security (August 2 – August 8)

Last week on Malwarebytes Labs: RDP brute force attacks explained; The 3 biggest threats reaching for your antivirus software’s off switch; Zoom and gloom? Video comms org agrees to settle for $85m; COVID-19 vaccine appointment system attacked in Italy; Chrome casts away the padlock - is it good...

0.1 AI score
Exploits: 0
The Hacker News
added 2021/08/05 10:12 a.m., 47 views

A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service

Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to carry out a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgi...

0.2 AI score
Exploits: 0
NVD
added 2021/06/28 3:15 p.m., 17 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

5.4 CVSS, 0.00117 EPSS
Exploits: 1, References: 3
OSV
added 2021/06/28 3:15 p.m., 19 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

5.4 CVSS, 7 AI score
Exploits: 0, References: 3
Prion
added 2021/06/28 3:15 p.m., 21 views

Code injection

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

3.5 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 1, References: 3, Affected Software: 1
UbuntuCve
added 2021/06/28 3:15 p.m., 34 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

5.4 CVSS, 6 AI score, 0.00117 EPSS
Exploits: 1, References: 4
Cvelist
added 2021/06/28 2:50 p.m., 25 views

CVE-2021-32718 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

3.1 CVSS, 6.8 AI score, 0.00117 EPSS
Exploits: 1, References: 3
Debian CVE
added 2021/06/28 2:50 p.m., 26 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

5.4 CVSS, 5.6 AI score, 0.00117 EPSS
Exploits: 1
OSV
added 2021/06/21 5:32 p.m., 5 views

SUSE-SU-2021:2114-1 Security update for SUSE Manager Server 4.0

This update fixes the following issues: cobbler: - Make 'fenceipmitool' a wrapper for 'fenceipmilan' using always lanplus bsc1184361 - Remove unused template for fenceipmitool. - Prevent some race conditions when writing tftpboot files and the destination directory is not existing bsc1186124 - Fi...

7.8 CVSS, 6.8 AI score, 0.04548 EPSS
Exploits: 1, References: 22
The Hacker News
added 2021/06/10 10:51 a.m., 83 views

Emerging Ransomware Targets Dozens of Businesses Worldwide

An emerging ransomware strain in the threat landscape claims to have breached 30 organizations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomwar...

7.5 CVSS, 1 AI score, 0.94341 EPSS
Exploits: 0
Virtuozzo
added 2021/06/09 12:0 a.m., 105 views

Virtuozzo Hybrid Infrastructure 4.6 (4.6.0-208)

In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance service providers' operability. The improvements cover compute services, object storage, monitoring, security, localization, and the user interface. Additionally, this release delivers stability...

0.2 AI score
Exploits: 0
Tenable Nessus
added 2021/06/01 12:0 a.m., 26 views

FreeBSD : Prometheus -- arbitrary redirects (59ab72fb-bccf-11eb-a38d-6805ca1caf5c)

Prometheus reports: Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an...

6.5 CVSS, 6.6 AI score, 0.87475 EPSS
Exploits: 0, References: 2
ArchLinux
added 2021/05/25 12:0 a.m., 221 views

[ASA-202105-25] prometheus: open redirect

Arch Linux Security Advisory ASA-202105-25. Severity: Medium; Date: 2021-05-25; CVE-ID: CVE-2021-29622; Package: prometheus; Type: open redirect; Remote: Yes; Link: https://security.archlinux.org/AVG-1971. Summary: The package prometheus before...

6.5 CVSS, 0.6 AI score, 0.87475 EPSS
Exploits: 0, References: 7
RedhatCVE
added 2021/05/20 2:56 p.m., 71 views

CVE-2021-29622

An open redirect vulnerability was found in Prometheus. With a specially crafted URL and a /new endpoint, an attacker can redirect a user to any other URL...

6.5 CVSS, 2.7 AI score, 0.87475 EPSS
Exploits: 0, References: 3
Veracode
added 2021/05/20 6:8 a.m., 30 views

Open Redirection

github.com/prometheus/prometheus is vulnerable to open redirection. An attacker is able to redirect a user to a malicious endpoint via an HTTP 302 response...

6.5 CVSS, 1.3 AI score, 0.87475 EPSS
Exploits: 0, References: 3, Affected Software: 2
OSV
added 2021/05/19 8:15 p.m., 20 views

CVE-2021-29622

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

6.1 CVSS, 6.6 AI score
Exploits: 0, References: 3
NVD
added 2021/05/19 8:15 p.m., 17 views

CVE-2021-29622

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

6.5 CVSS, 0.87475 EPSS
Exploits: 0, References: 3
OSV
added 2021/05/19 8:15 p.m., 2 views

AZL-6804 CVE-2021-29622 affecting package prometheus for versions less than 2.36.0-2

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

6.1 CVSS, 6.6 AI score, 0.87475 EPSS
Exploits: 0, References: 1
OSV
added 2021/05/19 8:15 p.m., 2 views

UBUNTU-CVE-2021-29622

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

6.5 CVSS, 6.6 AI score, 0.87475 EPSS
Exploits: 0, References: 6
Prion
added 2021/05/19 8:15 p.m., 20 views

Design/Logic Flaw

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...

5.8 CVSS, 6.2 AI score, 0.87475 EPSS
Exploits: 0, References: 3, Affected Software: 1