CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: nvidia-container-toolkit, node-feature-discovery, prometheus-podman-exporter, k8s-device-plugin, rancher-agent, gpu-operator-fips, k8s-device-plugin-fips, buildah-fips, sriov-network-device-plugin-fips, node-feature-discovery-fips, sriov-network-device-plugin,...

Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)

Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...

CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

OPENSUSE-SU-2026:11012-1 golang-github-prometheus-node_exporter-1.11.1-2.1 on GA media

These are all security issues fixed in the golang-github-prometheus-nodeexporter-1.11.1-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-45552

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.beforerequest → @jwtrequired app/routes/install/routes.py:36-39. The individual endpoints installexporter, installwaf, installgeoip,...

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of role and group checks in the installation process for Blueprint endpoints. Any...

CLEANSTART-2026-QU97327 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.5.1-r0, 1.5.1-r1

Multiple security vulnerabilities affect the nginx-prometheus-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-PQ10269 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.5.1-r0, 1.5.1-r1, 1.5.1-r2

Multiple security vulnerabilities affect the nginx-prometheus-exporter package. These issues are resolved in later releases. See references for individual vulnerability details...

OPENSUSE-SU-2026:10971-1 prometheus-blackbox_exporter-0.26.0-6.1 on GA media

These are all security issues fixed in the prometheus-blackboxexporter-0.26.0-6.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-44902

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...

CVE-2026-41484

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

CVE-2026-41078

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

CVE-2026-44213

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

GHSA-W2Q5-6Q6X-X959 vulnerabilities

Vulnerabilities for packages: databricks-cli-fips, rancher-agent, virt-api, elastic-agent, apko-fips, argo-cd-fips, chainloop-cli-fips, eksctl, tigera-operator-fips, k6-operator, polaris-fips, kubernetes, kubevirt-cdi-uploadproxy, grafana-fips, cadvisor-fips, wave-fips, grype-fips, harbor-cli,...

Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248707 golang-github-prometheus-nodeexporter was updated from version 1.5.0 to 1.10.2: Security Fixes: Version 1.9.1:...

SUSE-SU-2026:2254-1 Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248707 golang-github-prometheus-nodeexporter was updated from version 1.5.0 to 1.10.2: - Security Fixes: - Version...

SUSE-SU-2026:2243-1 Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248707 golang-github-prometheus-nodeexporter: - Backward Compatibility and packaging changes: - Added compatibility...

Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: prometheus-postgresexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248699 golang-github-QubitProducts-exporterexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCount...

SUSE-SU-2026:2241-1 Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: prometheus-postgresexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248699 golang-github-QubitProducts-exporterexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using...

Security update 5.0.8 for Multi-Linux Manager Client Tools, Salt Bundle and Salt

This update fixes the following issues: golang-github-prometheus-nodeexporter: Version 1.10.2: meminfo: Fix typo in Zswap metric name Version 1.10.1: filesystem: Fix mount points being collected multiple times filesystem: Refactor mountinfo parsing bsc1261810 meminfo: Add Zswap/Zswapped metrics...