| CVE-2026-42154 |
high |
7.5 |
7.5 |
|
|
|
25d ago |
Prometheus: Remote read endpoint allows denial of service via crafted snappy payload |
| CVE-2026-42151 |
high |
7.5 |
7.5 |
|
|
|
25d ago |
Prometheus Azure AD remote write OAuth client secret exposed via config API |
| CVE-2026-44903 |
medium |
— |
5.5 |
|
|
|
3d ago |
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-f… |
| CVE-2021-29622 |
medium |
— |
5.5 |
|
|
|
4y ago |
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redire… |
| CVE-2026-40179 |
unknown |
— |
— |
|
|
|
2mo ago |
Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of… |
| CVE-2019-3826 |
unknown |
— |
— |
|
|
|
3y ago |
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prome… |