OpenTelemetry Instrumentation for Java 代码问题漏洞

OpenTelemetry Instrumentation for Java is an open-source Java proxy JAR developed by OpenTelemetry. There were code-related vulnerabilities in versions of OpenTelemetry Instrumentation for Java prior to 2.26.1. These vulnerabilities stemmed from the fact that custom endpoints registered by RMI...

CVE-2026-33194

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocke...

H2O 安全漏洞

H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Version 3.46.0.1 of H2O contains a security vulnerability. This vulnerability allows attackers to write data into arbitrary files on the server using the /3/Parse and /3/Frames/framename/export...

CVE-2025-14611

Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted...