Lucene search
K

203 matches found

OSV
OSV
added 2026/06/08 1:39 p.m.2 views

CLEANSTART-2026-FP26400 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 2.4.4-r0, 2.4.4-r1, 2.9.0-r0

Multiple security vulnerabilities affect the newrelic-prometheus-configurator package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.4AI score0.00813EPSS
Exploits1References37
Wolfi
Wolfi
added 2025/12/04 7:47 p.m.9 views

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: sftpgo-plugin-eventsearch, custom-pod-autoscaler, nri-discovery-kubernetes, govulncheck, kubeflow-katib, sbom-convert, gomplate, s5cmd, harbor-registry, fuse-overlayfs-snapshotter, nvidia-container-toolkit, rancher-fleet, nri-f5, kubeflow, terraform-provider-tls,...

7.5CVSS7.2AI score0.00459EPSS
Exploits2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2049

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.01186EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/08/07 11:58 p.m.8 views

Malicious code in new-relic-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b484734422b24dacf15c15aabdc6a98a5b34da6281c42feab2eea60be6bd36f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/08/07 11:58 p.m.14 views

MAL-2024-7976 Malicious code in new-relic-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b484734422b24dacf15c15aabdc6a98a5b34da6281c42feab2eea60be6bd36f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Chainguard
Chainguard
added 2024/05/08 4:15 p.m.34 views

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: prometheus-mongodb-exporter-fips, confluent-common-docker, dask-gateway, metacontroller, prometheus-redis-exporter, addon-resizer-fips, ip-masq-agent, newrelic-infra-operator, aws-load-balancer-controller-fips, go, jitsucom-bulker, dgraph, wait-for-port,...

5.9CVSS6.8AI score0.01001EPSS
Exploits0
Wolfi
Wolfi
added 2024/03/05 11:15 p.m.73 views

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: bom, mongo-tools, gcsfuse, cert-exporter, kubebuilder, nri-discovery-kubernetes, docker-credential-gcr, govulncheck, kubeflow-katib, gomplate, kubernetes-dns-node-cache, caddy, k8sgpt-operator, kubernetes-csi-livenessprobe, nri-nagios, capslock,...

5.9CVSS6.8AI score0.00667EPSS
Exploits0
Wolfi
Wolfi
added 2024/03/05 11:15 p.m.55 views

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: bom, mongo-tools, gcsfuse, cert-exporter, kubebuilder, nri-discovery-kubernetes, docker-credential-gcr, govulncheck, kubeflow-katib, gomplate, kubernetes-dns-node-cache, caddy, k8sgpt-operator, kubernetes-csi-livenessprobe, nri-nagios, capslock,...

6.5CVSS6.8AI score0.01165EPSS
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2024/03/05 12:0 a.m.19 views

This Week in Spring - March 5th, 2024

Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll....

7.1AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2024/02/20 12:0 a.m.9 views

This Week in Spring - February 20th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 20th of February, 2024? I'm doing alright on this rainy 20th of Feburary here in San Francisco, and I hope you are too! We've got a ton of things to get into this week so let's dive right into it! Have y...

7.2AI score
Exploits0
Snyk
Snyk
added 2022/06/23 9:24 a.m.3 views

Malicious Package

Overview ddc-new-relic is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/05/19 8:37 a.m.4 views

Malicious code in ddc-new-relic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 724b8e2d9bbce93045922539d67f166495a0abac1fe3d410e5cea2ec861e82d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/05/19 8:37 a.m.9 views

MAL-2022-2378 Malicious code in ddc-new-relic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 724b8e2d9bbce93045922539d67f166495a0abac1fe3d410e5cea2ec861e82d9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/05/17 2:35 a.m.20 views

GHSA-2RVX-CVFC-MCP2 New Relic .NET Agent contains SQL Injection

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLANALL ON protecti...

9.8CVSS9.8AI score0.01186EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/17 2:35 a.m.32 views

New Relic .NET Agent contains SQL Injection

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLANALL ON protecti...

9.8CVSS7.9AI score0.01186EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2021/10/30 10:31 a.m.46 views

New Relic: Reflected XSS in VPN Appliance

@mr-hakhak discovered an XSS vulnerability in a VPN appliance. While this appliance is not normally accessed via the browser, the web interface was disabled to prevent future issues...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2021/10/12 10:54 a.m.22 views

New Relic: Reflected Cross site Scripting (XSS) on https://one.newrelic.com

The attacker can execute javascript on the victims account just after the authentication process. Steps To Reproduce: 1 Open the url:...

0.6AI score
Exploits0
Hacker One
Hacker One
added 2021/07/03 1:50 p.m.208 views

New Relic: Verification Link not expiring leading to Account Takeover.

@bbunnny reported that verification links that are sent out on account creation can be used to access a victim's account until those links have expired. As access to those links requires that an attacker have access to the victim's email, this issue is out of scope for our program...

2.4AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/06/25 12:0 a.m.12 views

Build a Complete Cloud Visibility Strategy

Trend Micro Cloud One + New Relic come together to offer complete cloud visibility...

2.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/06/04 12:0 a.m.5 views

The vulnerability of the com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource component in the Jackson-databind library of the FasterXML project allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource component in the Jackson-databind library of the FasterXML project is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to compromise the...

9.3CVSS7.4AI score0.10911EPSS
Exploits1References9Affected Software6
Rows per page
Query Builder