Azure Linux 3.0 Security Update: prometheus-process-exporter (CVE-2022-46146)

The version of prometheus-process-exporter installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46146 advisory. - Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions...

MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-6.el8 (AXSA:2021-1339:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1339:01 advisory. snakeyaml: Billion laughs attack via alias feature CVE-2017-18640 Tenable has extracted the preceding description block directly from the MiracleLinux securi...

MiracleLinux 8 : container-tools:3.0 (AXSA:2022-4431:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4431:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 cri-o: memory exhaustion on the node when access to the kube api...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2022-3571:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3571:01 advisory. psgo: Privilege escalation in 'podman top' CVE-2022-1227 prometheus/clientgolang: Denial of service using InstrumentHandlerCounter CVE-2022-21698...

MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-9.el8 (AXSA:2022-4526:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4526:04 advisory. SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 Tenable has extracted the preceding description block directly from the MiracleLin...

MiracleLinux 8 : prometheus-jmx-exporter-0.12.0-8.el8 (AXSA:2022-3880:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3880:02 advisory. snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-25857 Tenable has extracted the preceding description block...

CVE-2026-22641

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

CVE-2026-22641

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2026-22641

This CVE entry concerns Grafana's datasource proxy API. The root cause is an extra slash in the URL path that bypasses authorization checks, allowing unauthorized read access to GET endpoints in Alertmanager and Prometheus-based datasources. Affected components are datasources implementing route-...

CVE-2026-22641

...

CVE-2026-22641

...

EUVD-2026-2803

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

PT-2026-3008

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A flaw exists in Grafana’s datasource proxy API that permits bypassing authorization checks. This is achieved by including an additional slash character within the URL path. Users with limite...

CVE-2026-0528

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the Graphite or Zookeeper server metricsets and the Prometheus helper module. An attacker can cause a service disruption by sending specially crafted, malformed payloads or metric data. Remediation...

GHSA-W2GR-585J-R428 Metricbeat affected by multiple denial of service vulnerabilities

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the Graphite or Zookeeper server metricsets and the Prometheus helper module. An attacker can cause a service disruption by sending specially crafted, malformed payloads or metric data. Remediation...

Metricbeat affected by multiple denial of service vulnerabilities

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

CVE-2026-0528

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...

CVE-2026-0528

Improper Validation of Array Index CWE-129 exists in Metricbeat can allow an attacker to cause a Denial of Service through Input Data Manipulation CAPEC-153 via specially crafted, malformed payloads sent to the Graphite server metricset or Zookeeper server metricset. Additionally, Improper Input...