Lucene search
K

35 matches found

OSV
OSV
added 2026/06/26 8:42 a.m.5 views

BIT-GRAFANA-2026-10601 Path traversal in the Tempo and Loki data source plugins

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

Altium 365和Altium Enterprise Server 安全漏洞

Altium 365 and Altium Enterprise Server are both products of the American company Altium. Altium 365 is a product design and development platform. Altium Enterprise Server is a localized data management server. Both Altium 365 and Altium Enterprise Server have security vulnerabilities. These...

8.3CVSS5.4AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 7:8 p.m.33 views

CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2CVSS0.00329EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.9 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions prior to 2.0.0 through 4.0.1, which stems from the accumulation of unsized HTTP/3 response bodies, which could lead to resource exhaustion...

8.2CVSS5.8AI score0.00703EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/20 4:32 p.m.14 views

CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 4:32 p.m.31 views

CVE-2026-20239

CVE-2026-20239 affects Splunk products: Splunk Enterprise (versions below 10.2.2 and 10.0.5) and Splunk Cloud Platform (below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13). A user with access to the _internal index could view session cookies and response bodies containing sensitive d...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/20 4:32 p.m.54 views

CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

Splunk Cloud Platform和Splunk Enterprise 日志信息泄露漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Versions of Splunk Enterprise prior t...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

OpenTelemetry .NET Contrib 安全漏洞

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Previous versions of OpenTelemetry .NET Contrib, such as 0.1.0-alpha.8, contained security vulnerabilities. These vulnerabilities stemmed from reading HTTP response...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/11 8:3 a.m.7 views

OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

...

5.3CVSS5.7AI score0.0019EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/08 8:24 p.m.1 views

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 7:22 p.m.4 views

EUVD-2026-20628

opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 7:22 p.m.5 views

GHSA-W8RR-5GCM-PP58 opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

overview: this report shows that the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled or a network attacker can mitm t...

5.3CVSS5.9AI score0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1229

Malicious code in bioql PyPI...

7.4CVSS5.8AI score0.02207EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.10 views

CVE-2023-48256

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...

6.3CVSS7AI score0.00302EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/08/19 1:48 a.m.2 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/15 5:21 a.m.5 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/14 3:4 p.m.5 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/14 3:3 p.m.4 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/14 3:3 p.m.5 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
Rows per page
Query Builder