Lucene search
K

14314 matches found

OSV
OSV
added 2026/04/08 9:17 p.m.5 views

UBUNTU-CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

8.8CVSS5.8AI score0.0022EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/04/08 9:17 p.m.5 views

CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7.3CVSS5.8AI score0.0022EPSS
Exploits1References3
NVD
NVD
added 2026/04/08 9:17 p.m.32 views

CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

8.8CVSS0.0022EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/04/08 8:26 p.m.47 views

CVE-2026-39883 OpenTelemetry-Go has an incomplete fix for CVE-2026-24051: BSD kenv command not using absolute path enables PATH hijacking

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7.3CVSS0.0022EPSS
Exploits1References2
CVE
CVE
added 2026/04/08 8:26 p.m.35 views

CVE-2026-39883

OpenTelemetry-Go versions 1.15.0–1.42.0 contain an incomplete fix for CVE-2026-24051: when addressing the Darwin ioreg command to use an absolute path, the BSD kenv command was left with a bare command name, enabling a PATH hijacking attack on BSD and Solaris platforms. The issue is resolved in O...

8.8CVSS5.8AI score0.0022EPSS
Exploits1References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:26 p.m.4 views

CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

8.8CVSS7.1AI score0.0022EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/04/08 8:26 p.m.2 views

CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

8.8CVSS5.2AI score0.0022EPSS
Exploits1
OSV
OSV
added 2026/04/08 7:22 p.m.4 views

GHSA-HFVC-G4FC-PQHX opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Summary The fix for GHSA-9h8m-3fm2-qjrq CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/hostid.go line 42: if result, err :=...

7.3CVSS5.8AI score0.0022EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 7:22 p.m.18 views

opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Summary The fix for GHSA-9h8m-3fm2-qjrq CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/hostid.go line 42: if result, err :=...

8.8CVSS6AI score0.0022EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.10 views

PT-2026-31450

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions 1.15.0 through 1.42.0 Description The fix for a previous issue changed the path used for one command but left another command vulnerable to a PATH hijacking attack on BSD and Solaris platforms. Specifically, the kenv...

8.8CVSS7.4AI score0.0022EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/06 7:53 a.m.5 views

CVE-2026-22454

Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...

9.8CVSS5.8AI score0.0051EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.6 views

EUVD-2026-9575

Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...

5.9AI score0.0051EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 6:16 a.m.4 views

CVE-2026-22454

Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...

9.8CVSS0.0051EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.4 views

CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...

5.8AI score0.0051EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:53 a.m.14 views

CVE-2026-22454

CVE-2026-22454 describes a Deserialization of Untrusted Data vulnerability in ThemeREX Solaris WordPress theme, enabling PHP Object Injection. Affected software is Solaris versions n/a through 2.5. The CVE entry indicates a high-impact issue with a CVSS v3.1 base score of 9.8 (Network, Low comple...

9.8CVSS5.9AI score0.0051EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.32 views

CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...

9.8CVSS0.0051EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23196

Name of the Vulnerable Software and Affected Versions ThemeREX Solaris versions n/a through 2.5 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. Recommendations At the moment, there is no information about a newer version that...

5.8AI score0.0051EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

WordPress plugin Solaris 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

9.8CVSS5.9AI score0.0051EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/03 12:20 p.m.5 views

WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Solaris versions = 2.5...

9.8CVSS6AI score0.0051EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.3 views

Solaris 10 (x86) : 153154-09

The 153154-09 patch has not been applied. The Solaris 10 host is, therefore, affected by the vulnerability as referenced in the 153154-09 patch. SunOS 5.10x86: kernel patch. Date this patch was last updated by Sun : 2026-01-15 Tenable has extracted the preceding description block directly from th...

5CVSS7.1AI score0.00114EPSS
Exploits0References4
Rows per page
Query Builder