Lucene search
K

1493 matches found

Wolfi
Wolfi
added 2026/06/26 8:22 p.m.6 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: telegraf, kots, fscrypt, nerdctl, kubernetes-dashboard, containerd, kyverno, spire-server, kaf, knative-serving, helm, mattermost, podman, kubernetes, opentelemetry-collector, aactl, cilium, cert-manager, external-dns, minio, vitess, loki, buildah, prometheus,...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5710 Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus

Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus...

7.5CVSS5.9AI score0.00326EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5662 Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus

Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...

6.1CVSS5.8AI score0.0024EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5381 Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display in github.com/prometheus/prometheus

Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display in github.com/prometheus/prometheus...

6.1CVSS5.8AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5264 Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus

Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 1:16 p.m.12 views

CVE-2026-40011

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 12:22 p.m.33 views

CVE-2026-40011 Prometheus denial of service via crafted DNS queries

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS0.00158EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 12:22 p.m.5 views

CVE-2026-40011

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS5.8AI score0.00158EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 12:22 p.m.5 views

EUVD-2026-39346

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS5.8AI score0.00158EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 12:22 p.m.7 views

CVE-2026-40011

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS5.8AI score0.00158EPSS
Exploits0
CVE
CVE
added 2026/06/25 12:22 p.m.20 views

CVE-2026-40011

CVE-2026-40011 describes a denial-of-service condition where sending a large number of crafted DNS queries can cause a dynamic block to be inserted with a value that yields invalid output on the Prometheus endpoint. The Prometheus data may then be rejected by the scraper until the dynamic block e...

3.7CVSS5.8AI score0.00158EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 8:35 a.m.3 views

OPENSUSE-SU-2026:21157-1 Security update for golang-github-prometheus-alertmanager

This update for golang-github-prometheus-alertmanager fixes the following issues: Changes in golang-github-prometheus-alertmanager: - CVE-2026-39821: Fix validation bypass and privilege escalation by updating golang.org/x/net to version 0.55.0 bsc1266615...

9.6CVSS7.1AI score0.00478EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/06/23 8:21 p.m.8 views

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: buildah, gpu-operator, sriov-network-device-plugin-fips, prometheus-podman-exporter-fips, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, k8s-device-plugin, node-feature-discovery, podman, buildah-fips, podman-fips, nvidia-container-toolkit,...

3.3CVSS6.1AI score0.00222EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:21 p.m.11 views

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: buildah, gpu-operator, sriov-network-device-plugin-fips, prometheus-podman-exporter-fips, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, k8s-device-plugin, node-feature-discovery, podman, buildah-fips, podman-fips, nvidia-container-toolkit,...

6.1AI score
Exploits0
Fedora
Fedora
added 2026/06/23 1:9 a.m.6 views

[SECURITY] Fedora 44 Update: prometheus-3.12.0-1.fc44

The Prometheus monitoring system and time series database...

7.5CVSS5.8AI score0.00761EPSS
Exploits1
Fedora
Fedora
added 2026/06/23 12:54 a.m.5 views

[SECURITY] Fedora 43 Update: prometheus-3.12.0-1.fc43

The Prometheus monitoring system and time series database...

7.5CVSS5.8AI score0.00761EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/06/22 3:31 p.m.7 views

Important: Red Hat Security Advisory: Cost Management Metrics Operator Update

Cost Management Metrics Operator version 4.4.1 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift. The operator runs on the latest supported versions of Openshift. This operator obtains OpenShift usage data by querying Prometheus every...

7.5CVSS6.1AI score0.0116EPSS
Exploits4References10
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.3 views

Fedora 44 : prometheus (2026-ebaf2bfd71)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ebaf2bfd71 advisory. Update to 3.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

7.5CVSS5.9AI score0.00761EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Fedora 43 : prometheus (2026-dfc0e362e6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dfc0e362e6 advisory. Update to 3.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

7.5CVSS5.9AI score0.00761EPSS
Exploits1References4
OSV
OSV
added 2026/06/18 4:1 p.m.9 views

ROOT-APP-GOBINARY-CVE-2026-42154 CVE-2026-42154 in rootio-github.com/prometheus/prometheus - Patched by Root

Root has patched CVE-2026-42154 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...

7.5CVSS5.8AI score0.00761EPSS
Exploits0
Rows per page
Query Builder