| CVE-2026-42154 |
high |
7.5 |
7.5 |
|
|
|
1mo ago |
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a… |
| CVE-2026-42151 |
high |
7.5 |
7.5 |
|
|
|
1mo ago |
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a… |
| CVE-2026-40179 |
unknown |
— |
— |
|
|
|
2mo ago |
Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of… |
| CVE-2019-3826 |
unknown |
— |
— |
|
|
|
3y ago |
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prome… |
