
4 matches found

Vulnrichment
added 2026/05/26 10:1 p.m., 9 views

CVE-2026-45298 Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

CVSS 8.6, AI score 5.9, EPSS 0.01491
Exploits: 1, References: 2
CVE
added 2026/05/06 8:58 p.m., 17 views

CVE-2026-41483

OpenTelemetry.Resources.Azure (Azure VM resource detector) suffers from unbounded HTTP response body reads in AzureVmMetaDataRequestor when contacting the Azure VM metadata endpoint, causing unbounded memory usage and potential DoS. The issue affects versions 1.15.0-beta.1 and earlier; it is fixe...

CVSS 5.9, AI score 5.8, EPSS 0.00323
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/04/29 8:17 p.m., 6 views

GHSA-55M9-299J-53C7 OneCollector exporter reads unbounded HTTP response bodies

Summary: When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in an unsuccessful response (i.e. HTTP 4xx or 5xx), the response is read into memory with no upper bound on the number of bytes consumed. This could cause...

CVSS 5.3, AI score 5.9, EPSS 0.00338
Exploits: 0, References: 5
OSV
added 2026/04/21 8:27 p.m., 6 views

GHSA-M2CX-GPQF-QF74 Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion

Summary: The HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response...

CVSS 6.5, AI score 5.8, EPSS 0.00318
Exploits: 1, References: 4