Lucene search
K

186 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-26529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 compiled with mbedTLS support is vulnerable to remote OOB write attack via connection...

9.1CVSS7.3AI score0.0145EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:3 a.m.9 views

Prometheus Azure AD remote write OAuth client secret exposed via config API

...

7.5CVSS5.8AI score0.00326EPSS
Exploits0
OSV
OSV
added 2026/05/05 9:53 p.m.4 views

GHSA-FW8G-CG8F-9J28 Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display

Impact In the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them into the HTML for use as axis tick mark labels. An attacker who can inject crafted metrics e.g. via a...

6.1CVSS6AI score0.00182EPSS
Exploits0References4
OSV
OSV
added 2026/05/05 7:33 p.m.5 views

GHSA-WG65-39GG-5WFJ Prometheus Azure AD remote write OAuth client secret exposed via config API

Impact Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/05 7:33 p.m.9 views

Prometheus Azure AD remote write OAuth client secret exposed via config API

Impact Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.10 views

PT-2026-38157

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in FileSystem allows a remote attacker who has compromised the renderer process to perform arbitrary read and write operations via a crafted...

9.6CVSS6AI score0.00344EPSS
Exploits0References135
Snyk
Snyk
added 2026/05/04 9:29 p.m.10 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the /-/config HTTP API endpoint, where the clientsecret field in the Azure AD remote write OAuth configuration was not properly redacted. An attacker can obtain sensitive authentication...

8.7CVSS5.8AI score0.00326EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 7:16 p.m.8 views

DEBIAN-CVE-2026-42151

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 6:12 p.m.36 views

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

7.5CVSS0.00326EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:12 p.m.3 views

CVE-2026-42151

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 6:12 p.m.7 views

CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References5
CVE
CVE
added 2026/05/04 6:12 p.m.48 views

CVE-2026-42151

Prometheus (open-source monitoring/time-series DB) had a vulnerability in Azure AD remote write OAuth configuration (storage/remote/azuread) where client_secret was stored as a plain string instead of Secret. This caused the client secret to be exposed in plaintext to anyone with access to the /-...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References13Affected Software1
Debian CVE
Debian CVE
added 2026/05/04 6:12 p.m.7 views

CVE-2026-42151

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

7.5CVSS5.8AI score0.00326EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:24 p.m.4 views

CVE-2026-41364

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host...

8.1CVSS5.7AI score0.00533EPSS
Exploits0References4
OSV
OSV
added 2026/04/18 8:47 a.m.7 views

BIT-PROMETHEUS-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...

6.1CVSS5.9AI score0.0024EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/07 11:25 p.m.9 views

SUSE CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.9AI score0.00406EPSS
Exploits1References9
NVD
NVD
added 2026/04/03 10:16 p.m.4 views

CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS0.00406EPSS
Exploits1References1
OSV
OSV
added 2026/04/03 10:16 p.m.3 views

DEBIAN-CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.5AI score0.00406EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/03 9:15 p.m.4 views

EUVD-2026-18884

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS6AI score0.00406EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/04/03 9:15 p.m.4 views

CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.8AI score0.00406EPSS
Exploits1References1
Rows per page
Query Builder