Lucene search
K

137 matches found

NVD
NVD
added 2026/05/06 10:16 p.m.14 views

CVE-2026-41310

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS0.00311EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 8:54 p.m.27 views

CVE-2026-41310

OpenTelemetry.Exporter.Zipkin for .NET (Zipkin exporter) has an unbounded remote endpoint cache in versions up to 1.15.2, where keys derived from span attributes can grow without bound in high-cardinality scenarios, leading to memory growth and degraded availability. The issue is addressed in ver...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/06 8:54 p.m.50 views

CVE-2026-41310 OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS0.00311EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 9:31 p.m.6 views

GHSA-54W4-233H-X86G OpenStack Ironic has an Incorrect Resource Transfer Between Spheres

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/05 9:31 p.m.10 views

EUVD-2026-27428

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 9:31 p.m.8 views

Incorrect Resource Transfer Between Spheres

Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the import process when a user invokes molds and requests authorization to be sent to a remote endpoint. The credential forwarded is a...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 7:16 p.m.9 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS0.0044EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/05 12:0 a.m.8 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.6 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/02 2:45 p.m.38 views

CVE-2026-7643 ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy

A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...

5.3CVSS0.00158EPSS
Exploits0References5
OSV
OSV
added 2026/04/28 11:23 p.m.4 views

GHSA-88HF-WF7H-7W4M OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure

Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/28 11:23 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview OpenTelemetry.Exporter.Zipkin is a Zipkin Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded growth of the remote endpoint cache derived from span attributes. An attacker can cause...

6.9CVSS5.8AI score0.00311EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.9 views

PT-2026-35933

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Exporter.Zipkin versions prior to 1.15.3 Description The remote endpoint cache in the Zipkin exporter accepts unbounded key growth derived from span attributes. In high-cardinality scenarios—situations where there is a large numb...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References8
OSV
OSV
added 2026/04/24 8:51 a.m.4 views

BIT-RCLONE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.4AI score0.34734EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

Rclone 访问控制错误漏洞

Rclone is a software developed by the Rclone team that can synchronize data asynchronously from cloud storage. This software supports various cloud storage services such as Google Drive, Amazon Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Cloudfiles, Google Cloud Storage, and Yandex...

9.8CVSS5.8AI score0.34734EPSS
Exploits1References2
CVE
CVE
added 2026/03/08 6:32 p.m.13 views

CVE-2026-3761

SourceCodester Client Database Management System 1.0 contains a flaw in the /superadmin_user_delete.php endpoint where manipulating the user_id parameter leads to improper authorization. The issue can be exploited remotely and the exploit has been published. Affects the described component; CVSS ...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/25 1:16 p.m.4 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

9.1CVSS5.8AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 12:52 p.m.7 views

CVE-2023-54183

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2fwnodeparselink If fwnodegraphgetremoteendpoint fails, 'fwnode' is known to be NULL, so fwnodehandleput is a no-op. Release the reference taken from a previous...

5.8AI score0.00184EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/30 3:30 p.m.8 views

EUVD-2023-60458

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2fwnodeparselink If fwnodegraphgetremoteendpoint fails, 'fwnode' is known to be NULL, so fwnodehandleput is a no-op. Release the reference taken from a previous...

5.9AI score0.00184EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/12/30 1:16 p.m.13 views

CVE-2023-54183

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2fwnodeparselink If fwnodegraphgetremoteendpoint fails, 'fwnode' is known to be NULL, so fwnodehandleput is a no-op. Release the reference taken from a previous...

5.9AI score0.00184EPSS
Exploits0References10
Rows per page
Query Builder