Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1840 matches found

Positive Technologies
Positive Technologiesadded 2026/05/14 12:0 a.m.11 views

PT-2026-41150

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DefaultUsageTracker.emit tool called event in src/dbt mcp/tracking/tracking.py serializes the complete arguments dictionary of every MCP tool call and transmits it verbati...

3.1CVSS6.1AI score
Exploits0References4
Amazon
Amazonadded 2026/05/14 12:0 a.m.6 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00019EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2026/05/14 12:0 a.m.9 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-100 (ALASNITRO-ENCLAVES-2026-100)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-100 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been...

8.1CVSS5.8AI score0.00019EPSS
Exploits0References6
Tenable Nessus
Tenable Nessusadded 2026/05/14 12:0 a.m.6 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-114 (ALASDOCKER-2026-114)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-114 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...

8.1CVSS5.8AI score0.00019EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/13 8:12 p.m.31 views

CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1CVSS0.00025EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/13 8:12 p.m.4 views

CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1CVSS5.8AI score0.00025EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/13 8:12 p.m.4 views

CVE-2026-42602

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1CVSS5.8AI score0.00025EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/05/13 8:12 p.m.9 views

CVE-2026-42602

The CVE affects opentelemetry-collector-contrib’s azureauthextension in versions 0.124.0–0.150.0. The root cause is that Authenticate performs a token equality check against a token minted by the collector’s own credential, using the client-supplied Host header to set the scope, and does not vali...

8.1CVSS5.8AI score0.00025EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2026/05/13 7:17 p.m.7 views

DEBIAN-CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

7.5CVSS5.9AI score0.00018EPSS
Exploits0References1
Microsoft Secure
Microsoft Secureadded 2026/05/12 10:53 p.m.12 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article 1. Core Idea: From TTPs to Logs 2. Approaches for Synthetic Attack Log Generation 3. Evaluation Datasets 4. References 5. Learn more Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...

5.8AI score
Exploits0
NVD
NVDadded 2026/05/12 8:16 p.m.17 views

CVE-2026-42191

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

7.8CVSS0.00014EPSS
Exploits0References2
NVD
NVDadded 2026/05/12 6:17 p.m.12 views

CVE-2026-42348

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...

7.5CVSS0.00017EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/12 6:1 p.m.29 views

CVE-2026-42348 OpAMP client reads unbounded HTTP response bodies

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...

5.9CVSS0.00017EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/12 6:1 p.m.4 views

CVE-2026-42348 OpAMP client reads unbounded HTTP response bodies

OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This coul...

5.9CVSS5.9AI score0.00017EPSS
Exploits0References2
CVE
CVEadded 2026/05/12 6:1 p.m.10 views

CVE-2026-42348

OpenTelemetry.OpAmp.Client (OpenTelemetry .NET) is affected before version 0.2.0-alpha.1. The HTTP transport reads HttpResponseMessage.Content into memory using ReadAsByteArrayAsync without a size cap, allowing an unbounded read of the entire response body. This can cause memory exhaustion in the...

7.5CVSS5.9AI score0.00017EPSS
Exploits0References2Affected Software1
Circl
Circladded 2026/05/12 2:14 p.m.7 views

CVE-2026-45686

creationtimestamp| type| source ---|---|--- 2026-05-12 14:14:03+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-43g7-cwr8-q3jh 2026-06-02 18:01:50+00:00| seen|...

7.5CVSS5.7AI score0.00066EPSS
Exploits1References2
Circl
Circladded 2026/05/12 2:13 p.m.6 views

CVE-2026-45684

creationtimestamp| type| source ---|---|--- 2026-05-12 14:13:40+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-vvmg-8mjr-g6q3...

5.3CVSS5.8AI score0.00014EPSS
Exploits1References1
Circl
Circladded 2026/05/12 2:12 p.m.5 views

CVE-2026-45682

creationtimestamp| type| source ---|---|--- 2026-05-12 14:12:38+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-962q-hwm5-52x5 2026-06-02 16:53:08+00:00| seen|...

5.5CVSS5.8AI score0.00015EPSS
Exploits1References2
Circl
Circladded 2026/05/12 2:12 p.m.6 views

CVE-2026-45683

creationtimestamp| type| source ---|---|--- 2026-05-12 14:12:18+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-fjq3-ffvr-vm46 2026-06-02 17:31:17+00:00| seen|...

3.8CVSS5.8AI score0.00013EPSS
Exploits1References2
Circl
Circladded 2026/05/12 2:11 p.m.4 views

CVE-2026-45681

creationtimestamp| type| source ---|---|--- 2026-05-12 14:11:59+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-r6c9-g6q5-qrf9...

5.9CVSS5.8AI score0.0004EPSS
Exploits1References1
Rows per page
Query Builder