137 matches found
CVE-2026-41310
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...
CVE-2026-41310
OpenTelemetry.Exporter.Zipkin for .NET (Zipkin exporter) has an unbounded remote endpoint cache in versions up to 1.15.2, where keys derived from span attributes can grow without bound in high-cardinality scenarios, leading to memory growth and degraded availability. The issue is addressed in ver...
CVE-2026-41310 OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...
GHSA-54W4-233H-X86G OpenStack Ironic has an Incorrect Resource Transfer Between Spheres
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...
EUVD-2026-27428
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...
Incorrect Resource Transfer Between Spheres
Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the import process when a user invokes molds and requests authorization to be sent to a remote endpoint. The credential forwarded is a...
CVE-2026-42997
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...
CVE-2026-42997
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...
CVE-2026-42997
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...
CVE-2026-7643 ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...
GHSA-88HF-WF7H-7W4M OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...
Allocation of Resources Without Limits or Throttling
Overview OpenTelemetry.Exporter.Zipkin is a Zipkin Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded growth of the remote endpoint cache derived from span attributes. An attacker can cause...
PT-2026-35933
Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.Zipkin versions prior to 1.15.3 Description The remote endpoint cache in the Zipkin exporter accepts unbounded key growth derived from span attributes. In high-cardinality scenarios—situations where there is a large numb...
BIT-RCLONE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...
Rclone 访问控制错误漏洞
Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports various cloud storage services such as Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, and Yandex...
CVE-2026-3761
SourceCodester Client Database Management System 1.0 contains a flaw in the /superadmin_user_delete.php endpoint where manipulating the user_id parameter leads to improper authorization. The issue can be exploited remotely and the exploit has been published. Affects the described component; CVSS ...
CVE-2026-0704
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
CVE-2023-54183
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2fwnodeparselink If fwnodegraphgetremoteendpoint fails, 'fwnode' is known to be NULL, so fwnodehandleput is a no-op. Release the reference taken from a previous...
EUVD-2023-60458
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2fwnodeparselink If fwnodegraphgetremoteendpoint fails, 'fwnode' is known to be NULL, so fwnodehandleput is a no-op. Release the reference taken from a previous...
CVE-2023-54183
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2fwnodeparselink If fwnodegraphgetremoteendpoint fails, 'fwnode' is known to be NULL, so fwnodehandleput is a no-op. Release the reference taken from a previous...