Lucene search
+L

845 matches found

osv
osv
added yesterday3 views

ROOT-APP-NPM-CVE-2026-54285 CVE-2026-54285 in @rootio/opentelemetry__core - Patched by Root

Root has patched CVE-2026-54285 in the @rootio/opentelemetrycore package for Root:npm. Multiple fixed versions available...

5.3CVSS6.1AI score0.00238EPSS
Exploits0
osv
osv
added 3 days ago16 views

ROOT-APP-NPM-CVE-2026-44902 CVE-2026-44902 in @rootio/opentelemetry__sdk-node - Patched by Root

Root has patched CVE-2026-44902 in the @rootio/opentelemetrysdk-node package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00455EPSS
Exploits0
osv
osv
added 2026/07/09 1:16 p.m.2 views

SUSE-RU-2026:2816-1 Recommended update for python-aioresponses, python-google-api-core, python-google-api-python-client, python-google-auth, python-google-auth-httplib2, python-google-cloud-appengine-logging, python-google-cloud-artifact-registry, python-google-cloud-audit-log, python-google-cloud-build, python-google-cloud-compute, python-google-cloud-core, python-google-cloud-dns, python-google-cloud-domains, python-google-cloud-iam, python-google-cloud-kms, python-google-cloud-kms-inventory, python-google-cloud-logging, python-google-cloud-run, python-google-cloud-secret-manager, python-google-cloud-service-directory, python-google-cloud-spanner, python-google-cloud-storage, python-google-cloud-vpc-access, python-google-crc32c, python-google-resumable-media, python-googleapis-common-protos, python-grpc-google-iam-v1, python-grpc-interceptor, python-mmh3, python-mypy, python-opentelemetry-resourcedetector-gcp, python-poetry-core, python-proto-plus, python-pytest-asyncio, python-syrupy, python-typed-ast, python-uritemplate, python-dnspython, python-trio, python-websocket-client

This update for python-aioresponses, python-google-api-core, python-google-api-python-client, python-google-auth, python-google-auth-httplib2, python-google-cloud-appengine-logging, python-google-cloud-artifact-registry, python-google-cloud-audit-log, python-google-cloud-build,...

7CVSS6.8AI score0.01857EPSS
Exploits1References4
cvelist
cvelist
added 2026/07/08 4:3 p.m.33 views

CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS0.00436EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/08 4:3 p.m.6 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6AI score0.00436EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2026/07/08 4:3 p.m.6 views

EUVD-2026-42324

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6AI score0.00436EPSS
Exploits0References3
osv
osv
added 2026/07/08 4:3 p.m.4 views

CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6.1AI score0.00436EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.11 views

PT-2026-56504

Name of the Vulnerable Software and Affected Versions @opentelemetry/propagator-jaeger versions prior to 2.9.0 Description The @opentelemetry/propagator-jaeger component decodes incoming uber-trace-id and uberctx- HTTP header values using the decodeURIComponent function without proper error...

7.5CVSS6AI score0.00436EPSS
Exploits0References9
rocky
rocky
added 2026/07/07 12:5 p.m.4 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...

9.6CVSS7.3AI score0.00939EPSS
Exploits0
nessus
nessus
added 2026/07/07 12:0 a.m.6 views

MiracleLinux 9 : opentelemetry-collector-0.144.0-2.el9_8 (AXSA:2026-1213:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1213:03 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...

9.1CVSS7AI score0.00651EPSS
Exploits1References9
osv
osv
added 2026/07/03 2:29 p.m.10 views

ROOT-APP-MAVEN-CVE-2026-45292 CVE-2026-45292 in io.root.io.opentelemetry:opentelemetry-api - Patched by Root

Root has patched CVE-2026-45292 in the io.root.io.opentelemetry:opentelemetry-api package for Root:Maven. Multiple fixed versions available...

5.3CVSS5.2AI score0.00791EPSS
Exploits0
osv
osv
added 2026/07/02 10:36 a.m.7 views

ROOT-APP-GOBINARY-CVE-2026-29181 CVE-2026-29181 in rootio-go.opentelemetry.io/otel - Patched by Root

Root has patched CVE-2026-29181 in the rootio-go.opentelemetry.io/otel package for Root:Go. Multiple fixed versions available...

7.5CVSS5.8AI score0.00435EPSS
Exploits1
osv
osv
added 2026/07/02 10:17 a.m.6 views

RHSA-2026:34359 Red Hat Security Advisory: opentelemetry-collector security update

Bulletin has no description...

8.2CVSS6.6AI score0.00939EPSS
Exploits0References50
osv
osv
added 2026/07/02 10:17 a.m.6 views

RHSA-2026:34357 Red Hat Security Advisory: opentelemetry-collector security update

Bulletin has no description...

8.2CVSS6.6AI score0.00939EPSS
Exploits0References50
nvd
nvd
added 2026/07/01 10:16 p.m.6 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
osv
osv
added 2026/07/01 9:17 p.m.4 views

CVE-2026-54712 OpenTelemetry Javaagent RMI context propagation allows resource exhaustion

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

5.3CVSS5.9AI score0.00263EPSS
Exploits0References3
cve
cve
added 2026/07/01 9:15 p.m.13 views

CVE-2026-54704

OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1Affected Software1
redhat
redhat
added 2026/07/01 7:33 p.m.7 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.6CVSS7.6AI score0.00939EPSS
Exploits0References7
redhat
redhat
added 2026/07/01 6:46 p.m.12 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.6CVSS7.6AI score0.00939EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.11 views

PT-2026-54844

Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...

6.5CVSS6AI score0.00224EPSS
Exploits0References4
Rows per page
Query Builder