24 matches found

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-0835

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.8 · EPSS 0.00661
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-4494

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 6.5 · EPSS 0.00205
Exploits 0 · References 2

RedhatCVE
added 2025/02/23 12:19 a.m. · 6 views

CVE-2024-55156

An XML External Entity XXE vulnerability in the deserializeArgs method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message...

CVSS 5.5 · AI score 6.4 · EPSS 0.00205
Exploits 0 · References 1

NVD
added 2025/02/21 6:15 p.m. · 7 views

CVE-2024-55156

An XML External Entity XXE vulnerability in the deserializeArgs method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message...

CVSS 5.5 · EPSS 0.00205
Exploits 0 · References 1

CVE
added 2025/02/21 12:0 a.m. · 66 views

CVE-2024-55156

CVE-2024-55156 affects the Java SDK for CloudEvents v4.0.1, with an XML External Entity (XXE) vulnerability in the deserializeArgs() method that can allow an attacker handling untrusted XML to access sensitive information. The connected sources corroborate the issue and point to the affected comp...

CVSS 5.5 · AI score 6.1 · EPSS 0.00205
Exploits 0 · References 1

Positive Technologies
added 2025/02/21 12:0 a.m. · 4 views

PT-2025-7443 · Unknown · Java Sdk For Cloudevents

Name of the Vulnerable Software and Affected Versions: Java SDK for CloudEvents version 4.0.1 Description: The issue is related to an XML External Entity XXE vulnerability in the deserializeArgs method. This allows attackers to access sensitive information by supplying a crafted XML-formatted eve...

CVSS 5.5 · AI score 6.8 · EPSS 0.00205
Exploits 0 · References 4

Vulnrichment
added 2025/02/21 12:0 a.m. · 4 views

CVE-2024-55156

An XML External Entity XXE vulnerability in the deserializeArgs method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message...

AI score 5.3 · EPSS 0.00205
Exploits 0 · References 1

CNNVD
added 2025/02/21 12:0 a.m. · 4 views

CloudEvents security vulnerability

CloudEvents is a Java SDK for CloudEvents open source by CloudEvents. A security vulnerability exists in CloudEvents version v4.0.1, which stems from an XML external entity vulnerability in the deserializeArgs method...

CVSS 5.5 · AI score 6.6 · EPSS 0.00205
Exploits 0 · References 2

Cvelist
added 2025/02/21 12:0 a.m. · 10 views

CVE-2024-55156

An XML External Entity XXE vulnerability in the deserializeArgs method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message...

EPSS 0.00205
Exploits 0 · References 1

Tenable Nessus
added 2024/07/03 12:0 a.m. · 27 views

CBL Mariner 2.0 Security Update: telegraf (CVE-2024-28110)

The version of telegraf installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28110 advisory. - Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior t...

CVSS 7.5 · AI score 7 · EPSS 0.00661
Exploits 0 · References 2

Microsoft CVE
added 2024/06/30 2:0 p.m. · 5 views

Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

...

CVSS 7.5 · AI score 6.8 · EPSS 0.00661
Exploits 0

BDU FSTEC
added 2024/03/20 12:0 a.m. · 4 views

The vulnerability of the WithRoundTripper() function in the library for integrating applications with cloud-based infrastructure, CloudEvents sdk-go, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the WithRoundTripper function in the library for integrating applications with cloud-based infrastructure, the CloudEvents sdk-go, is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker operating remotely to gain...

CVSS 7.8 · AI score 6.8 · EPSS 0.00661
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/03/11 8:10 p.m. · 21 views

GO-2024-2618 Authentication token leak in github.com/cloudevents/sdk-go/v2

Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, http.DefaultClient is modified with the authenticated transport...

CVSS 7.5 · AI score 6.7 · EPSS 0.00661
Exploits 0 · References 3

RedhatCVE
added 2024/03/07 7:7 a.m. · 36 views

CVE-2024-28110

A vulnerability was found in cloudevents/sdk-go. This issue involves using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper results in the go-sdk leaking credentials to arbitrary endpoints. When the transport is populated with an authenticated...

CVSS 6.5 · AI score 7.3 · EPSS 0.00661
Exploits 0 · References 4

NVD
added 2024/03/06 10:15 p.m. · 20 views

CVE-2024-28110

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

CVSS 7.5 · AI score 7.5 · EPSS 0.00661
Exploits 0 · References 3

Prion
added 2024/03/06 10:15 p.m. · 29 views

Design/Logic Flaw

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

CVSS 5 · AI score 7.4 · EPSS 0.00661
Exploits 0 · References 3

Vulnrichment
added 2024/03/06 9:12 p.m. · 20 views

CVE-2024-28110 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

CVSS 7.5 · AI score 6.6 · EPSS 0.00661
Exploits 0 · References 3

CVE
added 2024/03/06 9:12 p.m. · 369 views

CVE-2024-28110

The CVE-2024-28110 issue affects the Go SDK for CloudEvents. Before version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper can cause credentials to be leaked by modifying http.DefaultClient’s Transport, leading to credentials bein...

CVSS 7.5 · AI score 7.5 · EPSS 0.00661
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/03/06 9:12 p.m. · 32 views

CVE-2024-28110 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

CVSS 7.5 · AI score 7.5 · EPSS 0.00661
Exploits 0 · References 3

OSV
added 2024/03/06 9:12 p.m. · 20 views

CVE-2024-28110 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

CVSS 7.5 · AI score 6.7 · EPSS 0.00661
Exploits 0 · References 5