Altium 365和Altium Enterprise Server 安全漏洞

Altium 365 and Altium Enterprise Server are both products of the American company Altium. Altium 365 is a product design and development platform. Altium Enterprise Server is a localized data management server. Both Altium 365 and Altium Enterprise Server have security vulnerabilities. These...

CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions prior to 2.0.0 through 4.0.1, which stems from the accumulation of unsized HTTP/3 response bodies, which could lead to resource exhaustion...

CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

CVE-2026-20239

CVE-2026-20239 affects Splunk products: Splunk Enterprise (versions below 10.2.2 and 10.0.5) and Splunk Cloud Platform (below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13). A user with access to the _internal index could view session cookies and response bodies containing sensitive d...

Splunk Cloud Platform和Splunk Enterprise 日志信息泄露漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Versions of Splunk Enterprise prior t...

OpenTelemetry .NET Contrib 安全漏洞

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Previous versions of OpenTelemetry .NET Contrib, such as 0.1.0-alpha.8, contained security vulnerabilities. These vulnerabilities stemmed from reading HTTP response...

OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

...

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

GHSA-W8RR-5GCM-PP58 opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

overview: this report shows that the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled or a network attacker can mitm t...

EUVD-2026-20628

opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies...

EUVD-2022-1229

Malicious code in bioql PyPI...

CVE-2023-48256

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...