CLEANSTART-2026-DT66006 Within HostnameError

Security vulnerability affects the prometheus-redis-exporter package. Within HostnameError...

CVE-2025-47911 affecting package prometheus-adapter for versions less than 0.10.0-19

CVE-2025-47911 affecting package prometheus-adapter for versions less than 0.10.0-19. A patched version of the package is available...

CVE-2025-11065 affecting package prometheus for versions less than 2.37.9-7

CVE-2025-11065 affecting package prometheus for versions less than 2.37.9-7. A patched version of the package is available...

Fedora: Security Advisory (FEDORA-2026-ce1dd0caa0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2026:20574-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 42 Update: prometheus-3.10.0-1.fc42

The Prometheus monitoring system and time series database...

[SECURITY] Fedora 43 Update: prometheus-3.10.0-1.fc43

The Prometheus monitoring system and time series database...

Fedora 42 : prometheus (2026-c9fb6d2b76)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c9fb6d2b76 advisory. Rename from golang-github-prometheus and upgrade to 3.10.0 Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 43 : prometheus (2026-ce1dd0caa0)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ce1dd0caa0 advisory. Rename from golang-github-prometheus & update to 3.10.0 Tenable has extracted the preceding description block directly from the Fedora security...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality (CVE-2025-13490)

Summary When an IBM App Connect Enterprise Certified Container IntegrationRuntime or IntegrationServer is configured to report metrics to a Prometheus instance in the OpenShift cluster, the metrics are sent over an unencrypted channel. This bulletin provides patch information to address the...

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: kserve, docker-cli-buildx-fips, kubescape-operator-fips, rke2-cloud-provider, kubevela, grafana-beyla, kyverno-policy-reporter-plugins-kyverno, etcd, cass-operator-fips-no-pvc-delete, gitaly, packer, podinfo, argo-workflows, ceph-csi-operator, kaniko, syft-fips,...

CLEANSTART-2026-XZ04425 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the prometheus-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

Important: Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.9.0 release

Red Hat build of OpenTelemetry 3.9.0 has been released This release of the Red Hat build of OpenTelemetry provides new features, security improvements, and bug fixes. Breaking changes: The deprecated OpenCensus Receiver, which provided backward compatibility with the OpenCensus project for easier...

SUSE-SU-2026:0626-1 Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: - Build without apparmor for openSUSE Leap 16, SLES 16 or newer - Require Go 1.23 for building - Update to versi...

CLEANSTART-2026-RD09851 net/url package does not set a limit on the number of query parameters in a query

Multiple security vulnerabilities affect the prometheus-operator package. The net/url package does not set a limit on the number of query parameters in a query. See references for individual vulnerability details...

Important: Red Hat Security Advisory: Cost Management Metrics Operator Update

Cost Management Metrics Operator version 4.3.1 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift. The operator runs on the latest supported versions of Openshift. This operator obtains OpenShift usage data by querying Prometheus every...

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: temporal-server, kine, kyverno, minio, hydra-fips, sftpgo-plugin-eventstore, crossplane-provider-sql, dex-fips, beats-fips, kyverno-policy-reporter, vault-fips, ory-kratos, trillian, spicedb-fips, argo-workflows, reports-server, percona-xtradb-cluster-operator,...

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: crossplane-provider-sql, sftpgo, juicefs, kine, kyverno-policy-reporter, age, loki, rekor, temporal, openfga, step-kms-plugin, telegraf, temporal-server, mattermost, nuclei, wolfictl, seaweedfs, terragrunt, cerbos, step, gitsign, argo-workflows, amass, grafana-alloy,...

openSUSE 16 Security Update : golang-github-prometheus-prometheus (openSUSE-SU-2026:20239-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20239-1 advisory. - CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. bsc1257841 - CVE-2026-1615: Fixed...

Security update for golang-github-prometheus-prometheus (critical)

openSUSE security update: security update for golang-github-prometheus-prometheus ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20239-1 Rating: critical References: bsc1257442 bsc1257841 bsc1257897 Cross-References: CVE-2025-61140 CVE-2026-1615...