61 matches found
com.sap.hcp.cf.logging:sample-app-spring-boot (>=3.8.0 <=4.1.0), com.weibo:rill-flow-service (>=0.1.3 <=0.1.18) +159 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent:opentelemetry-javaagent (>=0.12.1 <=2.23.0)
io.opentelemetry.javaagent:opentelemetry-javaagent MAVEN version =0.12.1, =3.8.0, =0.1.3, =4.0.0-alpha1, =1.9.0, =0.0.10, =0.2.1, =0.6.2, =0.6.2, =0.80.0, =0.80.0, =0.19.0, =2.5.0, =1.9.0, =1.9.0, =2.3.0 and more Source cves: CVE-2026-33701 Source advisory: OSV:GHSA-XW7X-H9FJ-P2C7...
OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. Al...
OpenTelemetry with Spring Boot
This is a new blog post in the Road to GA series, and this time we're taking a look at OpenTelemetry with Spring Boot. Introduction: In modern cloud native architectures, observability is no longer optional; it is a fundamental requirement. You want to understand what your application is doing via...
EUVD-2009-0621
Malware in sbrugna...
EUVD-2021-2577
Malware in sbrugna...
EUVD-2023-2892
Malicious code in bioql PyPI...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4jHotPatch: This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup method of all loaded org.apache.logging.log4j.core.lookup.JndiLookup instances to unconditionally return the string "Patched JndiLookup::lookup". It is designed to addres...
CVE-2021-37941
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
APM Java Agent Local Privilege Escalation issue
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
CVE-2021-37942
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
Privilege escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
CVE-2021-37942 APM Java Agent Local Privilege Escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user...
Elastic APM Security Vulnerability
Elastic APM is a platform for monitoring and analyzing application performance from Elastic Netherlands. A security vulnerability exists in the Elastic APM Java agent. An attacker could exploit the vulnerability to execute code via elevated privilege...
PT-2023-12332 · Unknown · Apm Java Agent
Name of the Vulnerable Software and Affected Versions: APM Java agent (affected versions not specified). Description: A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By usin...
Exploit for Code Injection in Apache Commons_Text
cve-2022-42889-intercept: It should be noted that versions...
Arbitrary File Write
one-java-agent-plugin is vulnerable to arbitrary file write. An attacker can overwrite the executable files or invoke them remotely through the unzip function of IOUtils.java by providing a specially crafted archive...
GHSA-9HR3-J9MC-XMQ2 Path Traversal in com.alibaba.oneagent:one-java-agent-plugin
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
com.alibaba.oneagent:one-java-agent (=0.0.1) potentially affected by CVE-2022-25842 via com.alibaba.oneagent:one-java-agent-plugin (=0.0.1)
com.alibaba.oneagent:one-java-agent-plugin MAVEN version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.alibaba.oneagent:one-java-agent-plugin and may be impacted: - com.alibaba.oneagent:one-java-agent =0.0.1 Source cves: CVE-2022-25842...
CVE-2022-25842
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...