1502 matches found
CVE-2026-39821 affecting package prometheus-process-exporter for versions less than 0.8.2-4
CVE-2026-39821 affecting package prometheus-process-exporter for versions less than 0.8.2-4. A patched version of the package is available...
GHSA-7CWM-FPFH-RRCH Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces
Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...
Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces
Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...
PT-2026-47556
Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...
BIT-PROMETHEUS-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
Linux Distros Unpatched Vulnerability : CVE-2026-44903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enable...
org.yamcs:distribution (>=5.0.0 <=5.12.6), org.yamcs:packet-viewer (>=5.0.0 <=5.12.6) +9 more potentially affected by CVE-2026-46621 via org.yamcs:yamcs-core (>=5.0.0 <=5.12.6)
org.yamcs:yamcs-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.10.0, =5.10.0, =0.1.0, =0.1, =1.0.0, =5.0.0, =5.0.0, =0.1.0, =0.8.0 Source cves: CVE-2026-46621 Source advisory: SNYK:JAVA-ORGYAMCS-17230855...
org.yamcs:distribution (>=4.7.1 <=5.12.6), org.yamcs:packet-viewer (>=4.10.3 <=5.12.6) +14 more potentially affected by CVE-2026-46621 via org.yamcs:yamcs-core (>=0.29.3 <=5.12.6)
org.yamcs:yamcs-core MAVEN version =0.29.3, =4.7.1, =4.10.3, =4.10.3, =5.10.0, =5.10.0, =3.4.0, =4.5.0, =0.1.0, =0.1, =4.5.0, =0.29.3, =1.0.0, =4.7, =4.10.3, =5.12.6 and more Source cves: CVE-2026-46621 Source advisory: OSV:GHSA-2G95-6X5Q-XJWJ...
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902 opentelemetry-js: Prometheus exporter process crash via malformed HTTP request
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902 opentelemetry-js: Prometheus exporter process crash via malformed HTTP request
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
EUVD-2026-32538
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902
Summary: CVE-2026-44902 affects the OpenTelemetry JS client, specifically the Prometheus exporter in opentelemetry-js prior to 0.217.0. A single malformed HTTP request to the default metrics endpoint (0.0.0.0:9464) has no URL parsing error handling, causing an uncaught TypeError that crashes the ...
SUSE CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
org.yamcs:distribution (>=4.7.1 <=5.12.6), org.yamcs:packet-viewer (>=4.10.3 <=5.12.6) +14 more potentially affected by CVE-2026-44596 via org.yamcs:yamcs-core (>=0.29.3 <=5.12.6)
org.yamcs:yamcs-core MAVEN version =0.29.3, =4.7.1, =4.10.3, =4.10.3, =5.10.0, =5.10.0, =3.4.0, =4.5.0, =0.1.0, =0.1, =4.5.0, =0.29.3, =1.0.0, =4.7, =4.10.3, =5.12.6 and more Source cves: CVE-2026-44596 Source advisory: OSV:GHSA-W5R6-MCGQ-7PQ4...
org.yamcs:distribution (>=5.0.0 <=5.12.6), org.yamcs:packet-viewer (>=5.0.0 <=5.12.6) +9 more potentially affected by CVE-2026-44595 via org.yamcs:yamcs-core (>=5.0.0 <=5.12.6)
org.yamcs:yamcs-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.10.0, =5.10.0, =0.1.0, =0.1, =1.0.0, =5.0.0, =5.0.0, =0.1.0, =0.8.0 Source cves: CVE-2026-44595 Source advisory: SNYK:JAVA-ORGYAMCS-17229842...
opentelemetry-js 安全漏洞
opentelemetry-js is an open-source framework from OpenTelemetry - CNCF, designed for collecting traces, metrics, and logs from applications. Versions of opentelemetry-js prior to 0.217.0 contained a security vulnerability. This vulnerability stemmed from improper error handling in the URL parsing...
org.yamcs:distribution (>=5.0.0 <=5.12.6), org.yamcs:packet-viewer (>=5.0.0 <=5.12.6) +9 more potentially affected by CVE-2026-42568 via org.yamcs:yamcs-core (>=5.0.0 <=5.12.6)
org.yamcs:yamcs-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.10.0, =5.10.0, =0.1.0, =0.1, =1.0.0, =5.0.0, =5.0.0, =0.1.0, =0.8.0 Source cves: CVE-2026-42568 Source advisory: SNYK:JAVA-ORGYAMCS-17229781...
CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...