Lucene search
K

206 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-14686

A flaw was found in HdrHistogram. This vulnerability affects the DoubleHistogram.recordValue function, which is part of the Range Check component. A local attacker can exploit this flaw by performing a specific manipulation, leading to an incorrect comparison of values. This issue primarily impac...

4.8CVSS6AI score0.0024EPSS
Exploits0References9
OSV
OSV
added 2026/07/06 8:3 a.m.3 views

PYSEC-2026-1048 Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow

Impact The implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain NaN elements: python import tensorflow as tf import numpy as np tf.histogramfixedwidthvalues=np.nan, valuerange=1,2 The implementation assumes that all floating point operations are defined...

5.5CVSS6.1AI score0.00313EPSS
Exploits1References13
OSV
OSV
added 2026/07/05 1:21 a.m.5 views

DEBIAN-CVE-2026-14686

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...

4.8CVSS5.5AI score0.0024EPSS
Exploits0References1
OSV
OSV
added 2026/07/05 1:21 a.m.4 views

UBUNTU-CVE-2026-14686

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...

4.8CVSS5.5AI score0.0024EPSS
Exploits0References8
NVD
NVD
added 2026/07/05 12:17 a.m.9 views

CVE-2026-14684

A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory...

4.8CVSS0.0012EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 12:0 a.m.35 views

CVE-2026-14686 HdrHistogram Range Check DoubleHistogram.java org.HdrHistogram.DoubleHistogram.recordValue comparison

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack i...

4.8CVSS0.0024EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 11:45 p.m.41 views

CVE-2026-14685 HdrHistogram AbstractHistogram AbstractHistogram.java recordValueWithCount state issue

A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue. The attack c...

4.8CVSS0.00118EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.21 views

PT-2026-55741

Name of the Vulnerable Software and Affected Versions HdrHistogram versions prior to 2.2.3 Description An issue exists in the decodeFromCompressedByteBuffer function within the org.HdrHistogram.AbstractHistogram class. Local manipulation of the lengthOfCompressedContents argument can lead to...

4.8CVSS5.8AI score0.00118EPSS
Exploits0References12
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5381 Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display in github.com/prometheus/prometheus

Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display in github.com/prometheus/prometheus...

6.1CVSS5.8AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.11 views

SUSE CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

7.5CVSS5.7AI score0.00319EPSS
Exploits1References3
NVD
NVD
added 2026/06/02 4:16 p.m.13 views

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

7.5CVSS0.00319EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:24 p.m.11 views

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

OpenTelemetry eBPF Instrumentation 安全漏洞

OpenTelemetry eBPF Instrumentation is an open-source, eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the BPF probe’s reexecution...

7.5CVSS5.4AI score0.00319EPSS
Exploits1References3
OSV
OSV
added 2026/05/28 11:26 a.m.9 views

BIT-PROMETHEUS-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

6.1CVSS5.9AI score0.00182EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/26 9:27 p.m.34 views

CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1CVSS0.00182EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 9:27 p.m.9 views

CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1CVSS5.9AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 9:27 p.m.90 views

CVE-2026-44903

CVE-2026-44903 affects Prometheus servers with the legacy web UI enabled. From 2.49.0 up to before 3.5.3 and 3.11.3, histogram heatmap axis tick labels aren’t escaped when inserting metric label values into HTML, allowing an attacker who can inject crafted metrics to run JavaScript in the browser...

6.1CVSS5.9AI score0.00182EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Prometheus 跨站脚本漏洞

Prometheus is an open-source software developed in the Go language, used to create real-time metric databases built using the HTTP pull model. Versions of Prometheus from 2.49.0 to 3.5.3, as well as versions before 3.11.3, had a cross-site scripting vulnerability. This vulnerability stemmed from...

5.1CVSS5.7AI score0.00182EPSS
Exploits0References2
OSV
OSV
added 2026/05/25 2:4 p.m.6 views

SUSE-SU-2026:2057-1 Security update for libpng16

This update for libpng16 fixes the following issue: - CVE-2026-34757: information disclosure and data corruption due to use-after-free in pngsetPLTE, pngsettRNS and pngsethIST bsc1261957...

5.1CVSS5.8AI score0.00195EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: mwifiex: fixed a memory leak in mwifiexhistogramread. Always free the zeroed page upon returning from ‘mwifiexhistogramread’...

5.9AI score0.00189EPSS
Exploits0References1
Rows per page
Query Builder