CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

NVD•added 2026/04/08 9:17 p.m.•31 views

CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7.3CVSS0.00196EPSS

Exploits1References2

UbuntuCve•added 2026/04/08 9:17 p.m.•3 views

CVE-2026-39883

7.3CVSS5.8AI score0.00196EPSS

Exploits1References3

OSV•added 2026/04/08 9:17 p.m.•1 views

UBUNTU-CVE-2026-39883

7.3CVSS5.8AI score0.00196EPSS

Exploits1References4

Debian CVE•added 2026/04/08 8:26 p.m.•1 views

CVE-2026-39883

7.3CVSS5.2AI score0.00196EPSS

Exploits1

SUSE CVE•added 2026/03/04 12:28 a.m.•3 views

SUSE CVE-2026-24051

OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search pat...

7CVSS6AI score0.00157EPSS

Exploits0References4

OSV•added 2026/02/02 11:16 p.m.•4 views

AZL-76449 CVE-2026-24051 affecting package cri-o 1.30.1-1

7CVSS7.5AI score0.00157EPSS

Exploits0References1

NVD•added 2026/02/02 11:16 p.m.•7 views

CVE-2026-24051

7CVSS0.00157EPSS

Exploits0References2

UbuntuCve•added 2026/02/02 11:16 p.m.•4 views

CVE-2026-24051

7CVSS7.2AI score0.00157EPSS

Exploits0References3

Snyk•added 2026/02/02 8:7 p.m.•3 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in resource detection code which executes ioreg, when the PATH environment variable is modified to include a malicious executable. An attacker can execute arbitrary code within the context of the application by...

7.3CVSS6.1AI score0.00157EPSS

Exploits0References2

Snyk•added 2026/02/02 8:7 p.m.•1 views

Untrusted Search Path

7.3CVSS6.1AI score0.00157EPSS

Exploits0References2

Github Security Blog•added 2026/02/02 8:7 p.m.•8 views

OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking

Impact The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking Untrusted Search Paths on macOS/Darwin systems. The resource detection code in sdk/resource/hostid.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the...

7CVSS5.7AI score0.00157EPSS

Exploits0References5Affected Software1

ATTACKERKB•added 2026/02/02 7:49 p.m.•7 views

CVE-2026-24051

7CVSS5.7AI score0.00157EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/02/02 12:0 a.m.•7 views

PT-2026-5718

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions 1.20.0 through 1.39.0 Description The OpenTelemetry Go SDK versions 1.20.0 through 1.39.0 are susceptible to a path hijacking issue on macOS/Darwin systems. The resource detection code in sdk/resource/host id.go...

9.8CVSS5.7AI score0.00157EPSS

Exploits0

CNNVD•added 2026/02/02 12:0 a.m.•7 views

OpenTelemetry-Go 代码问题漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go from 1.20.0 to 1.39.0 have code vulnerabilities. These vulnerabilities stem from path hijacking during the execution of the ioreg command in resource detection code, which may lead...

7CVSS7.7AI score0.00157EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by