Lucene search
K

5 matches found

OSV
OSV
added 2026/06/30 6:40 p.m.4 views

GHSA-9C54-X2G4-V92J Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality

Impact An unauthenticated remote attacker can trigger unbounded memory growth on the timestamp authority server. This vulnerability exists because the global wrapMetrics middleware records the raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency a...

5.9CVSS6AI score
Exploits0References2
CVE
CVE
added 2026/02/12 9:33 p.m.16 views

CVE-2026-26069

Scraparr (Prometheus Exporter) prior to 3.0.2 is affected when Readarr integration is enabled and the exporter’s /metrics is exposed to outsiders. The Readarr API key could be exposed as the alias metric label value, under conditions: Readarr scraping enabled, no alias configured, /metrics public...

9.1CVSS5.5AI score0.00295EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/12 9:33 p.m.26 views

CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.

Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...

9.1CVSS0.00295EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3542

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.0178EPSS
Exploits1References8
OSV
OSV
added 2021/05/18 3:38 p.m.25 views

GHSA-2V6X-FRW8-7R7F Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c92w-72c5-9x59. This link is maintained to preserve external references. Original Description A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0...

6.5CVSS6.5AI score0.0178EPSS
Exploits1References5
Rows per page
Query Builder