Lucene search
K

533 matches found

OSV
OSV
added yesterday7 views

BIT-PROMETHEUS-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...

6.1CVSS5.9AI score0.0024EPSS
Exploits0References4
CVE
CVE
added 3 days ago10 views

CVE-2026-6541

CVE-2026-6541 affects Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x

4.3CVSS6.1AI score0.00152EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/07 3:26 p.m.6 views

GO-2026-5851 Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality in github.com/sigstore/timestamp-authority...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/30 11:39 p.m.8 views

BIT-ENVOY-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 6:40 p.m.4 views

GHSA-9C54-X2G4-V92J Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality

Impact An unauthenticated remote attacker can trigger unbounded memory growth on the timestamp authority server. This vulnerability exists because the global wrapMetrics middleware records the raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency a...

5.9CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/06/26 6:17 p.m.8 views

CVE-2026-48706

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS0.0061EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 5:38 p.m.36 views

CVE-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

5.9CVSS0.0061EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:38 p.m.5 views

CVE-2026-48706

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

5.9CVSS6.5AI score0.0061EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/26 5:38 p.m.7 views

EUVD-2026-39825

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

5.9CVSS6.5AI score0.0061EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 5:38 p.m.24 views

CVE-2026-48706

CVE-2026-48706 affects Envoy TCP StatsD sink (TcpStatsdSink). A heap write overflow can occur when processing extremely long statistic names (>16 KiB) due to mismanagement of 16 KiB flush slices during buffer rotation, potentially causing process crash or remote code execution. Affected versio...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/26 5:38 p.m.4 views

CVE-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

5.9CVSS6.7AI score0.0061EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.7 views

SUSE CVE-2026-53203

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

7.1CVSS6AI score0.00153EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 12:47 a.m.4 views

CVE-2026-53203

A flaw was found in the Linux kernel's accel/ivpu component. This vulnerability, a buffer overflow, occurs when the firmware returns a size larger than the allocated buffer during a metric stream information query. This can lead to an incorrect buffer copy, potentially causing system instability ...

7.1CVSS6AI score0.00153EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52891

Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description A heap write overflow exists in the TCP StatsD sink TcpStatsdSink when processing...

7.5CVSS6.2AI score0.0061EPSS
Exploits0References19
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5662 Prometheus has Stored XSS via metric names and label values in Prometheus web UI in github.com/prometheus/prometheus

Prometheus has Stored XSS via metric names and label values in Prometheus web UI in github.com/prometheus/prometheus...

6.1CVSS6.1AI score0.0024EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53203

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

7.1CVSS6AI score0.00153EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53203

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

6AI score0.00153EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.31 views

CVE-2026-53203 accel/ivpu: Add buffer overflow check in MS get_info_ioctl

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

7.1CVSS0.00153EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39294

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

6AI score0.00153EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 10:42 a.m.8 views

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9

Summary Multiple vulnerabilities have been addressed in components used by IBM License Metric Tool Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when...

7.5CVSS5.8AI score0.0086EPSS
Exploits1Affected Software1
Rows per page
Query Builder