158 matches found

Tenable Nessus
added 2026/05/27 12:0 a.m. | 6 views

FreeBSD : Grafana -- XSS in Grafana Explore stack trace (6cc28c49-58fe-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6cc28c49-58fe-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's...

CVSS 6.8 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 3
Wolfi
added 2026/05/14 7:48 p.m. | 10 views

CVE-2026-44903 vulnerabilities

Vulnerabilities for packages: cloud-sql-proxy, telegraf, mcp-grafana, metrics-server, istio, opentelemetry-collector-contrib, karma, prometheus, splunk-otel-collector, loki, mc, certificate-transparency, opentelemetry-operator, node-problem-detector, trillian, jaeger, prometheus-pushgateway,...

CVSS 5.1 | AI score 5.8 | EPSS 0.00052
Exploits 0
Chainguard
added 2026/05/14 7:17 p.m. | 11 views

CVE-2026-44903 vulnerabilities

Vulnerabilities for packages: agentbeat-fips, mc, karma, karma-fips, nrdot-collector-k8s, nrdot-collector-k8s-fips, telegraf, agentbeat, loki, ops-agent, node-problem-detector-fips, mcp-grafana-fips, opentelemetry-operator-fips, splunk-otel-collector, minio-object-browser-fips,...

CVSS 5.1 | AI score 5.8 | EPSS 0.00052
Exploits 0
Wolfi
added 2026/05/06 7:48 p.m. | 7 views

GHSA-FW8G-CG8F-9J28 vulnerabilities

Vulnerabilities for packages: cloud-sql-proxy, telegraf, mcp-grafana, metrics-server, istio, opentelemetry-collector-contrib, karma, prometheus, splunk-otel-collector, loki, mc, certificate-transparency, opentelemetry-operator, node-problem-detector, trillian, jaeger, prometheus-pushgateway,...

AI score 5.8
Exploits 0
Chainguard
added 2026/05/06 7:17 p.m. | 6 views

GHSA-FW8G-CG8F-9J28 vulnerabilities

Vulnerabilities for packages: agentbeat-fips, mc, karma, karma-fips, nrdot-collector-k8s, nrdot-collector-k8s-fips, telegraf, agentbeat, loki, ops-agent, node-problem-detector-fips, mcp-grafana-fips, opentelemetry-operator-fips, splunk-otel-collector, minio-object-browser-fips,...

AI score 5.8
Exploits 0
GitHub Security Blog
added 2026/04/23 9:43 p.m. | 34 views

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...

CVSS 5.3 | AI score 5.8 | EPSS 0.00028
Exploits 0 | References 10 | Affected Software 2
OSV
added 2026/04/23 9:43 p.m. | 7 views

GHSA-G94R-2VXG-569J OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...

CVSS 5.3 | AI score 5.8 | EPSS 0.00028
Exploits 0 | References 10
Snyk
added 2026/04/23 9:43 p.m. | 2 views

Memory Allocation with Excessive Size Value

Overview OpenTelemetry.Extensions.Propagators is a package containing propagator formats for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the processing of propagation headers such as baggage, B3, and Jaeger. An attacker ca...

CVSS 6.9 | AI score 5.5 | EPSS 0.00028
Exploits 0 | References 2
NVD
added 2026/04/23 7:17 p.m. | 1 view

CVE-2026-41078

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

CVSS 5.9 | EPSS 0.0006
Exploits 0 | References 1
ATTACKERKB
added 2026/04/23 6:5 p.m. | 1 view

CVE-2026-41078

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

CVSS 5.9 | AI score 5.7 | EPSS 0.0006
Exploits 0 | References 2 | Affected Software 2
CVE
added 2026/04/23 6:5 p.m. | 10 views

CVE-2026-41078

OpenTelemetry dotnet CVE-2026-41078 affects OpenTelemetry.Exporter.Jaeger (pre-1.6.0-rc.1 and earlier). The issue: memory pressure caused by unbounded pooled-list sizing in the Jaeger exporter conversion path, where oversized allocations from large span/tag sets can be reused for later allocation...

CVSS 5.9 | AI score 5.7 | EPSS 0.0006
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/04/23 6:5 p.m. | 25 views

CVE-2026-41078 OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

CVSS 5.9 | EPSS 0.0006
Exploits 0 | References 1
Vulnrichment
added 2026/04/23 6:5 p.m. | 3 views

CVE-2026-41078 OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

CVSS 5.9 | AI score 5.7 | EPSS 0.0006
Exploits 0 | References 1
ATTACKERKB
added 2026/04/23 6:3 p.m. | 1 view

CVE-2026-40894

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

CVSS 5.3 | AI score 5.8 | EPSS 0.00028
Exploits 0 | References 7 | Affected Software 3
Positive Technologies
added 2026/04/23 12:0 a.m. | 1 view

PT-2026-34720

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Api versions 0.5.0-beta.2 through 1.15.2 OpenTelemetry.Extensions.Propagators versions 1.3.1 through 1.15.2 Description Implementation details of the baggage, B3, and Jaeger processing code in the OpenTelemetry.Api and...

CVSS 5.3 | AI score 5.2 | EPSS 0.00028
Exploits 0 | References 15
CNNVD
added 2026/04/23 12:0 a.m. | 3 views

OpenTelemetry .NET Security Vulnerability

OpenTelemetry .NET is the .NET client of OpenTelemetry developed by OpenTelemetry Inc. There is a security vulnerability in OpenTelemetry .NET, which stems from the implementation details of baggage, B3, and Jaeger handling code. This vulnerability may lead to excessive memory allocation during...

CVSS 5.3 | AI score 5.8 | EPSS 0.00028
Exploits 0 | References 1
OSV
added 2026/04/18 1:5 a.m. | 1 view

GHSA-38H3-2333-QX47 OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path

Summary !IMPORTANT There is no plan to fix this issue as OpenTelemetry.Exporter.Jaeger was deprecated in 2023. It is for informational purposes only. OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set...

CVSS 5.9 | AI score 5.7 | EPSS 0.0006
Exploits 0 | References 3
GitHub Security Blog
added 2026/04/18 1:5 a.m. | 3 views

OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path

Summary !IMPORTANT There is no plan to fix this issue as OpenTelemetry.Exporter.Jaeger was deprecated in 2023. It is for informational purposes only. OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set...

CVSS 5.9 | AI score 5.7 | EPSS 0.0006
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2026/04/18 1:5 a.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview OpenTelemetry.Exporter.Jaeger is a Jaeger exporter for OpenTelemetry .NET Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the span and tag conversion. An attacker can drive sustained memory pressure and denial of service by...

CVSS 8.2 | AI score 5.7 | EPSS 0.0006
Exploits 0 | References 2
Positive Technologies
added 2026/04/18 12:0 a.m. | 2 views

PT-2026-33598

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.Jaeger affected versions not specified Description This issue allows sustained memory pressure when the internal pooled-list sizing grows based on a large observed span or tag set and that enlarged size is reused for...

CVSS 5.9 | AI score 5.8 | EPSS 0.0006
Exploits 0 | References 8