CVE-2026-44967

OpenTelemetry-cpp OTLP HTTP exporters (traces/metrics/logs) read entire HTTP responses into an unbounded in-memory byte vector before 1.27.0, enabling memory exhaustion if the collector endpoint is attacker-controlled or the connection is MITM. The issue is fixed in opentelemetry-cpp release 1.27...

CVE-2026-42191

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

Memory Allocation with Excessive Size Value

Overview OpenTelemetry.Exporter.OpenTelemetryProtocol is an OTLP Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the grpc-status-details-bin parsing process during OTLP/gRPC retry handling. An attacker can cause...

Memory Allocation with Excessive Size Value

Overview OpenTelemetry.Exporter.OpenTelemetryProtocol is an OTLP Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the OTLP exporter. An attacker can cause memory exhaustion by configuring a malicious back-end or...

OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause memory...

CVE-2026-40182

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

CVE-2026-40891 OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided grpc-status-details-bin trailer during retry handling. Prior to the fix, a malformed trailer could...

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

CVE-2026-40182

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

PT-2026-34708

Name of the Vulnerable Software and Affected Versions OpenTelemetry dotnet versions 1.13.1 through 1.15.1 Description When exporting telemetry over gRPC using the OpenTelemetry Protocol OTLP, the exporter may parse a server-provided 'grpc-status-details-bin' trailer during retry handling. A...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...

CVE-2026-33216

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used for native message delivery systems on Nats.io, cloud, and edge environments. There were security vulnerabilities in versions of Nats-Server prior to 2.11.15 and 2.12.5. These vulnerabilities stemmed from improper handli...

CVE-2026-23886

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

OpenTelemetry with Spring Boot

This is a new blog post in the Road to GA series, and this time we're taking a look at OpenTelemetry with Spring Boot. Introduction In modern cloud native architectures, observability is no longer optional; it is a fundamental requirement. You want to understand what your application is doing via...

CloudEdge App 安全漏洞

CloudEdge App is a mobile application designed for surveillance cameras from CloudEdge. A security vulnerability exists in CloudEdge App that stems from an uncleaned MQTT topic input that could lead to an attacker receiving all messages using MQTT wildcards to obtain credentials and key informati...

EUVD-2019-16097

Malware in sbrugna...

EUVD-2019-16099

Malware in sbrugna...

Zsviot Camera 安全漏洞

Zsviot Camera is a camera from the Chinese company Zsviot. A security vulnerability exists in Zsviot Camera version 8.26.31, which originates from an unknown portion of the component MQTT Packet Handler that can lead to a denial of service...

Bosch ctrlX HMI Web Panel WR21 Security Vulnerability

Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in the Bosch ctrlX HMI Web Panel WR21 version that originates from allowing an Android Agent application to retrieve sensitive information using the HTTP protocol, which could allow an attacker to...