Lucene search
+L

3765 matches found

CVE
CVE
added yesterday12 views

CVE-2026-50272

CVE-2026-50272 affects dd-trace for Node.js (pre-5.100.0). The issue occurs in W3C baggage propagation: baggage headers are parsed without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES during extraction in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing...

7.5CVSS5.5AI score0.00106EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday6 views

CVE-2026-50272 dd-trace: Improper parsing of W3C baggage headers may lead to DoS

dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing/propagation/textmap.js parsed incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on...

7.5CVSS0.00106EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday18 views

MLflow < 3.10.0 - Authentication Bypass on FastAPI Routes

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS8.1AI score0.01502EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago117 views

Microweber < 1.2.11 - CRLF Injection

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0666 info: name: Microweber 1.2.11 - CRLF Injection author: ritikchaddha severity: high description: | CRLF Injection leads to Sta...

7.6CVSS6.9AI score0.44259EPSS
Exploits1References3
OSV
OSV
added 3 days ago4 views

GHSA-74J5-XF3V-CRQ8 dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 3 days ago12 views

dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2Affected Software2
Patchstack
Patchstack
added 3 days ago10 views

NPM: dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS

NPM: dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS vulnerability discovered by ? in WordPress Npm dd-trace versions 5.100.0...

7.5CVSS6.1AI score0.00106EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-60360

Name of the Vulnerable Software and Affected Versions dd-trace-py versions prior to 4.8.2 Description Datadog tracing libraries implementing W3C baggage propagation fail to enforce limits on the number of items or total bytes when parsing incoming baggage HTTP headers during the extraction proces...

7.5CVSS5.4AI score0.00106EPSS
Exploits0References7
NVD
NVD
added 4 days ago5 views

CVE-2026-4018

TOCTOU Race Condition in specific trace commands of the TraceEvent system call could allow an attacker with local access and with the PROCMGRAIDTRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel...

6.4CVSS0.00092EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-4017

Buffer Overflow in the entry handler of the TraceEvent system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel...

7.4CVSS0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-4018 TOCTOU race condition in the QNX Neutrino kernel impacts versions of the QNX Software Development Platform and QNX OS for Safety

TOCTOU Race Condition in specific trace commands of the TraceEvent system call could allow an attacker with local access and with the PROCMGRAIDTRACE ability, to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel...

6.4CVSS0.00092EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-4018

CVE-2026-4018 describes a TOCTOU race condition in specific trace commands of the TraceEvent() system call in the QNX Neutrino kernel, affecting versions of the QNX Software Development Platform and QNX OS for Safety. The vulnerability could allow a local attacker with PROCMGR_AID_TRACE privilege...

6.4CVSS6.1AI score0.00092EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago5 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS6.2AI score0.0014EPSS
Exploits24References6
OSV
OSV
added 5 days ago5 views

MAL-2026-10232 Malicious code in salesforce-vscode-slds (npm)

The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in slds-lsp-client (npm)

The slds-lsp-client package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Salesforce SLD...

6.1AI score
Exploits0References3
OSV
OSV
added 5 days ago3 views

MAL-2026-10228 Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/10 10:0 a.m.11 views

CVE-2026-59152

A flaw was found in the LangSmith Client SDK's TracingMiddleware. An attacker can send an HTTP request to a server running the TracingMiddleware, causing it to read an arbitrary file from its local filesystem. The contents of this file are then uploaded to LangSmith as a trace attachment. This...

5CVSS6.1AI score0.00174EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/08 10:38 p.m.5 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 10:38 p.m.7 views

Incorrect Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient enforcement of destination permission checks for...

6.5CVSS6.1AI score0.00308EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 8:16 p.m.6 views

CVE-2026-58254

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

6.5CVSS0.00308EPSS
Exploits0References4
Rows per page
Query Builder