14314 matches found
UBUNTU-CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
CVE-2026-39883 OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
CVE-2026-39883
OpenTelemetry-Go versions 1.15.0–1.42.0 contain an incomplete fix for CVE-2026-24051: when addressing the Darwin ioreg command to use an absolute path, the BSD kenv command was left with a bare command name, enabling a PATH hijacking attack on BSD and Solaris platforms. The issue is resolved in O...
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
GHSA-HFVC-G4FC-PQHX opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking
Summary The fix for GHSA-9h8m-3fm2-qjrq CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/hostid.go line 42: if result, err :=...
opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking
Summary The fix for GHSA-9h8m-3fm2-qjrq CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/hostid.go line 42: if result, err :=...
PT-2026-31450
Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions 1.15.0 through 1.42.0 Description The fix for a previous issue changed the path used for one command but left another command vulnerable to a PATH hijacking attack on BSD and Solaris platforms. Specifically, the kenv...
CVE-2026-22454
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...
EUVD-2026-9575
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...
CVE-2026-22454
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...
CVE-2026-22454
CVE-2026-22454 describes a Deserialization of Untrusted Data vulnerability in ThemeREX Solaris WordPress theme, enabling PHP Object Injection. Affected software is Solaris versions n/a through 2.5. The CVE entry indicates a high-impact issue with a CVSS v3.1 base score of 9.8 (Network, Low comple...
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...
PT-2026-23196
Name of the Vulnerable Software and Affected Versions ThemeREX Solaris versions n/a through 2.5 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. Recommendations At the moment, there is no information about a newer version that...
WordPress plugin Solaris 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Solaris versions = 2.5...
Solaris 10 (x86) : 153154-09
The 153154-09 patch has not been applied. The Solaris 10 host is, therefore, affected by the vulnerability as referenced in the 153154-09 patch. SunOS 5.10x86: kernel patch. Date this patch was last updated by Sun : 2026-01-15 Tenable has extracted the preceding description block directly from th...