Lucene search
K

1505 matches found

Nuclei
Nuclei
added 6 hours ago22 views

Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)

Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...

5.8CVSS6.3AI score0.02698EPSS
Exploits1References4
Nuclei
Nuclei
added 6 hours ago48 views

Prometheus - Open Redirect

Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...

6.5CVSS6.5AI score0.1956EPSS
Exploits0References5
Fedora
Fedora
added 3 days ago8 views

[SECURITY] Fedora 44 Update: prometheus-3.13.0-1.fc44

The Prometheus monitoring system and time series database...

9.3CVSS6.1AI score0.00397EPSS
Exploits1
Fedora
Fedora
added 3 days ago7 views

[SECURITY] Fedora 43 Update: prometheus-3.13.0-1.fc43

The Prometheus monitoring system and time series database...

9.3CVSS6.1AI score0.00397EPSS
Exploits1
Chainguard
Chainguard
added 5 days ago7 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: backup-restore-operator, src, k3s, telegraf, beats-fips, dataplaneapi, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container, vault-fips, karpenter, loki, prometheus-mongodb-exporter, kubernetes-dashboard, knative-eventing-fips,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 5 days ago5 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: scorecard, percona-server-mongodb-operator, rancher, step-issuer, gitaly, cue, gatus, neuvector-scanner, gostatsd, prometheus, govulncheck, kyverno-policy-reporter-kyverno-plugin, pluto, aws-flb-cloudwatch, x509-certificate-exporter, pulumi-kubernetes-operator, nucle...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 6 days ago8 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS6AI score0.00761EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 6 days ago7 views

github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API

A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...

7.5CVSS5.9AI score0.00326EPSS
Exploits0References9
Rockylinux
Rockylinux
added 2026/07/07 12:5 p.m.4 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...

9.6CVSS7.3AI score0.00939EPSS
Exploits0
OSV
OSV
added 2026/07/07 12:5 p.m.8 views

RLSA-2026:34357 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus:...

8.2CVSS7.3AI score0.00939EPSS
Exploits0References7
Fedora
Fedora
added 2026/07/07 1:10 a.m.10 views

[SECURITY] Fedora 43 Update: prometheus-podman-exporter-1.21.2-1.fc43

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

9.1CVSS6.8AI score0.00651EPSS
Exploits1
Fedora
Fedora
added 2026/07/07 12:51 a.m.15 views

[SECURITY] Fedora 44 Update: prometheus-podman-exporter-1.21.2-1.fc44

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

9.1CVSS6.8AI score0.00651EPSS
Exploits1
Rockylinux
Rockylinux
added 2026/07/05 12:3 p.m.9 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpris...

9.6CVSS7.3AI score0.00939EPSS
Exploits0
OSV
OSV
added 2026/07/05 12:3 p.m.7 views

RLSA-2026:34359 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus:...

8.2CVSS7.2AI score0.00939EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 7:33 p.m.5 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/01 7:33 p.m.6 views

github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API

A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/01 7:33 p.m.7 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.6CVSS7.6AI score0.00939EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 6:46 p.m.7 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/01 6:46 p.m.11 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.6CVSS7.6AI score0.00939EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 6:46 p.m.8 views

github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API

A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References9
Rows per page
Query Builder