prometheus

11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-42154
< 3.5.3
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpo
7.5 HIGH
CVE-2026-42151
>= 2.48.0 and < 3.5.3
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret fie
7.5 HIGH
CVE-2026-40179
>= 3.0.0 and < 3.5.2
Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have
6.1 MEDIUM
CVE-2023-40577
all versions
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform
7.5 HIGH
CVE-2023-26735
all versions
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows atta
7.5 HIGH
CVE-2022-46146
< 0.7.2
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a
6.2 MEDIUM
CVE-2022-21698
< 1.11.1
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides
7.5 HIGH
CVE-2021-29622
>= 2.23.0 and < 2.26.1
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New u
6.5 MEDIUM
CVE-2020-16248
<= 0.17.0
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausi
5.8 MEDIUM
CVE-2019-3826
< 2.7.1
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this
6.1 MEDIUM
CVE-2002-1211
all versions
Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that point
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin