Lucene search
K

528 matches found

NVD
NVD
added 2026/07/01 10:16 p.m.6 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 10:16 p.m.5 views

CVE-2026-54712

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

7.5CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 9:17 p.m.14 views

CVE-2026-54712

OpenTelemetry Java Instrumentation prior to 2.27.0 is affected. The issue resides in the RMI context propagation payload reader, which limits the number of context entries but does not limit the aggregate size of strings read, allowing an attacker who can reach a network-reachable RMI endpoint to...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 9:15 p.m.13 views

CVE-2026-54704

OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 9:15 p.m.42 views

CVE-2026-54704 OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54844

Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...

6.5CVSS6AI score0.00224EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 9:16 p.m.10 views

CVE-2026-7539

A potential security vulnerability has been identified in the HP Accessory WMI Provider installer for some HP Docking Stations, which might allow escalation of privilege and/or arbitrary code execution. HP is releasing software updates to mitigate the potential vulnerability...

7.3CVSS0.00096EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 7:47 p.m.13 views

CVE-2026-7539

Technical details about CVE-2026-7539 are not publicly available in the provided documents. Monitor for updates from HP and CVE records for affected products, affected components, and fixes.

7.3CVSS6AI score0.00096EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out-of-bounds chipid values. Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type e.g., the literal 1 is treated as an int might be shifted beyond 32 bits. As a result, instrumentation...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52085

Name of the Vulnerable Software and Affected Versions HP Accessory WMI Provider installer affected versions not specified Description A security issue exists in the HP Accessory WMI Provider installer used for certain HP Docking Stations. This flaw could allow an attacker to achieve escalation of...

7.3CVSS6AI score0.00096EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38121

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded function using dynamic instrumentation to bypass biometric authenticati...

4.8CVSS5.9AI score0.00165EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.33 views

CVE-2026-56294 capacitor-native-biometric - Authentication Bypass via Unvalidated CryptoObject in onAuthenticationSucceeded

capacitor-native-biometric before 12.128.2 contains an authentication bypass vulnerability where the onAuthenticationSucceeded method fails to validate CryptoObject parameters. Attackers can hook the onAuthenticationSucceeded function using dynamic instrumentation to bypass biometric authenticati...

4.8CVSS0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36797

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-41708

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 6:54 p.m.33 views

CVE-2026-41708 Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49304

Name of the Vulnerable Software and Affected Versions Spring Cloud Sleuth versions 3.1.0 through 3.1.13 Description A denial-of-service DoS condition can be triggered when a user provides specially crafted calls. This occurs in applications using the...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References5
Chainguard
Chainguard
added 2026/06/12 7:18 a.m.15 views

GHSA-5375-PQ7M-F5R2 vulnerabilities

Vulnerabilities for packages: langfuse-fips, pulumi, langfuse, gemini-cli, jitsucom-jitsu, opentelemetry-auto-instrumentations-node, kibana, cadence-web...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/06/11 12:0 a.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Spring TX transaction instrumentation classes in this package. A remote user can issue calls that drive the transaction instrumentation to allocate resources without limits or...

8.7CVSS5.4AI score0.00278EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/11 12:0 a.m.7 views

cve-2026-41708 - HIGH - Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability

cve-2026-41708 - HIGH - Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability...

7.5CVSS6.1AI score0.00278EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/09 12:57 p.m.9 views

CVE-2026-11786

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

6.5CVSS5.6AI score0.0016EPSS
Exploits0
Rows per page
Query Builder