1406 matches found
SUSE-SU-2026:20574-1 Security update for golang-github-prometheus-prometheus
This update for golang-github-prometheus-prometheus fixes the following issues: - CVE-2026-25547: Fixed an unbounded brace range expansion leading to excessive CPU and memory consumption. bsc1257841 - CVE-2026-1615: Fixed arbitrary code injection due to unsafe evaluation of user-supplied JSON Pat...
CVE-2026-26069
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
CLEANSTART-2026-TR92727 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ...
Multiple security vulnerabilities affect the prometheus-operator-fips package. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should ha...
CLEANSTART-2026-JB30245 Security fixes for GHSA-F6X5-JH6R-WRFV, GHSA-J5W8-Q4QC-RX2X applied in versions: 0.47.2-r0
Multiple security vulnerabilities affect the prometheus-mongodb-exporter package. These issues are resolved in later releases. See references for individual vulnerability details...
SUSE: Security Advisory (SUSE-SU-2026:20232-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-26069
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
CVE-2026-26069
Scraparr (Prometheus Exporter) prior to 3.0.2 is affected when Readarr integration is enabled and the exporter’s /metrics is exposed to outsiders. The Readarr API key could be exposed as the alias metric label value, under conditions: Readarr scraping enabled, no alias configured, /metrics public...
[SECURITY] Fedora 42 Update: rust-monitord-exporter-0.4.1-8.fc42
monitord-exporter is a Prometheus exporter using monitord to export statistic to Prometheus collectors...
CLEANSTART-2026-LS08172 Within HostnameError
Multiple security vulnerabilities affect the prometheus-fips package. Within HostnameError. See references for individual vulnerability details...
GHSA-H355-32PF-P2XM vulnerabilities
Vulnerabilities for packages: local-path-provisioner, nats-top, redis-operator, mesosphere-vsphere-csi, spiffe-helper, aws-application-networking-k8s, kserve-modelmesh-serving, mountpoint-s3-csi-driver, nginx-prometheus-exporter, osv-scanner, kubebuilder, k8sgpt-operator, spire-controller-manager...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: local-path-provisioner, nats-top, redis-operator, mesosphere-vsphere-csi, spiffe-helper, aws-application-networking-k8s, kserve-modelmesh-serving, mountpoint-s3-csi-driver, nginx-prometheus-exporter, osv-scanner, kubebuilder, k8sgpt-operator, spire-controller-manager...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: local-path-provisioner, nats-top, redis-operator, mesosphere-vsphere-csi, spiffe-helper, aws-application-networking-k8s, kserve-modelmesh-serving, mountpoint-s3-csi-driver, nginx-prometheus-exporter, osv-scanner, kubebuilder, k8sgpt-operator, spire-controller-manager...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: local-path-provisioner, nats-top, redis-operator, mesosphere-vsphere-csi, spiffe-helper, aws-application-networking-k8s, kserve-modelmesh-serving, mountpoint-s3-csi-driver, nginx-prometheus-exporter, osv-scanner, kubebuilder, k8sgpt-operator, spire-controller-manager...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: gosu, pguser, cluster-api-aws-controller, k8ssandra-operator, contour, kubernetes-csi-driver-hostpath, kubo, neuvector-dbgen, kserve, terraform-provider-azapi-fips, nri-haproxy, cadvisor, docker-cli-buildx-fips, aws-sigv4-proxy-fips, kiali-fips, helm-diff,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: gosu, pguser, cluster-api-aws-controller, k8ssandra-operator, contour, neuvector-dbgen, kubo, kserve, terraform-provider-azapi-fips, nri-haproxy, cadvisor, docker-cli-buildx-fips, aws-sigv4-proxy-fips, kiali-fips, helm-diff, cert-manager-csi-driver-fips,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: gosu, pguser, cluster-api-aws-controller, k8ssandra-operator, contour, kubernetes-csi-driver-hostpath, kubo, neuvector-dbgen, kserve, terraform-provider-azapi-fips, nri-haproxy, cadvisor, docker-cli-buildx-fips, aws-sigv4-proxy-fips, kiali-fips, helm-diff,...
[SECURITY] Fedora 43 Update: rust-monitord-exporter-0.4.1-8.fc43
monitord-exporter is a Prometheus exporter using monitord to export statistic to Prometheus collectors...
[SECURITY] Fedora 42 Update: node-exporter-1.10.2-3.fc42
Prometheus exporter for hardware and OS metrics exposed by NIX kernels, writ ten in Go with pluggable metric collectors...
[SECURITY] Fedora 43 Update: node-exporter-1.10.2-3.fc43
Prometheus exporter for hardware and OS metrics exposed by NIX kernels, writ ten in Go with pluggable metric collectors...