CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2024-35255 affecting package prometheus for versions less than 2.45.4-11
CVE-2024-35255 affecting package prometheus for versions less than 2.45.4-11. A patched version of the package is available...
[SECURITY] Fedora 41 Update: prometheus-podman-exporter-1.16.0-1.fc41
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
[SECURITY] Fedora 42 Update: prometheus-podman-exporter-1.16.0-1.fc42
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
Fedora 41 : prometheus-podman-exporter (2025-b0915f0a19)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b0915f0a19 advisory. Release v1.16.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
AZL-60550 CVE-2025-22872 affecting package prometheus-adapter for versions less than 0.12.0-3
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
CVE-2025-22870 affecting package prometheus-process-exporter for versions less than 0.8.2-2
CVE-2025-22870 affecting package prometheus-process-exporter for versions less than 0.8.2-2. A patched version of the package is available...
GHSA-FHG8-QXH5-7Q3W vulnerabilities
Vulnerabilities for packages: nats-top-fips, nats-top, nats-server, nats-server-fips, prometheus-nats-exporter, telegraf...
CVE-2025-30215 vulnerabilities
Vulnerabilities for packages: nats-top-fips, nats-top, nats-server, nats-server-fips, prometheus-nats-exporter, telegraf...
CVE-2025-22870 affecting package prometheus-node-exporter for versions less than 1.7.0-3
CVE-2025-22870 affecting package prometheus-node-exporter for versions less than 1.7.0-3. A patched version of the package is available...
CVE-2024-51744 affecting package prometheus for versions less than 2.37.9-4
CVE-2024-51744 affecting package prometheus for versions less than 2.37.9-4. A patched version of the package is available...
Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics
Impact: An unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). Patches: PR 1745 fixes the problem. Available in Miniflux = 2.0.43...
GHSA-3QJF-QH38-X73V Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics
Impact: An unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). Patches: PR 1745 fixes the problem. Available in Miniflux = 2.0.43...
CVE-2025-30204 affecting package prometheus for versions less than 2.37.9-3
CVE-2025-30204 affecting package prometheus for versions less than 2.37.9-3. A patched version of the package is available...
CVE-2025-30204 affecting package prometheus for versions less than 2.45.4-9
CVE-2025-30204 affecting package prometheus for versions less than 2.45.4-9. A patched version of the package is available...
CVE-2025-30219
A flaw was found in the RabbitMQ package. Affected versions of RabbitMQ are vulnerable to an attack that can modify the virtual host name on the disk and then make it unrecoverable, with other on disk file modifications. This issue can lead to arbitrary JavaScript code execution in the browsers o...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: git-sync, mc, tempo, external-secrets-operator, aactl, tekton-chains, trivy, boring-registry, amazon-cloudwatch-agent, telegraf, argo-workflows, kots, flux-notification-controller, glab, opentelemetry-collector, oauth2-proxy, crossplane-provider-azure-storage,...
AZL-59229 CVE-2025-30204 affecting package prometheus for versions less than 2.37.9-3
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-59162 CVE-2025-30204 affecting package prometheus for versions less than 2.45.4-10
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
CVE-2019-3826 vulnerabilities
Vulnerabilities for packages: prometheus, node-problem-detector-fips, grafana, istio-fips...