Lucene search
K

35 matches found

OSV
OSV
added 2026/06/26 8:42 a.m.5 views

BIT-GRAFANA-2026-10601 Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.8AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.7 views

Altium 365和Altium Enterprise Server 安全漏洞

Altium 365 and Altium Enterprise Server are both products of the American company Altium. Altium 365 is a product design and development platform. Altium Enterprise Server is a localized data management server. Both Altium 365 and Altium Enterprise Server have security vulnerabilities. These...

8.3CVSS5.4AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 7:8 p.m.30 views

CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2CVSS0.00329EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.8 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions prior to 2.0.0 through 4.0.1, which stems from the accumulation of unsized HTTP/3 response bodies, which could lead to resource exhaustion...

8.2CVSS5.8AI score0.00703EPSS
Exploits1References5
CVE
CVE
added 2026/05/20 4:32 p.m.29 views

CVE-2026-20239

CVE-2026-20239 affects Splunk products: Splunk Enterprise (versions below 10.2.2 and 10.0.5) and Splunk Cloud Platform (below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13). A user with access to the _internal index could view session cookies and response bodies containing sensitive d...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/20 4:32 p.m.52 views

CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS0.00485EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 4:32 p.m.12 views

CVE-2026-20239 Sensitive Information Disclosure through Log Files in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the internal index could view session cookies and response bodies that contain sensitive data...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

Splunk Cloud Platform和Splunk Enterprise 日志信息泄露漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. Versions of Splunk Enterprise prior t...

7.5CVSS5.8AI score0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

OpenTelemetry .NET Contrib 安全漏洞

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Previous versions of OpenTelemetry .NET Contrib, such as 0.1.0-alpha.8, contained security vulnerabilities. These vulnerabilities stemmed from reading HTTP response...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/11 8:3 a.m.5 views

OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

...

5.3CVSS5.7AI score0.0019EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/08 8:24 p.m.1 views

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 7:22 p.m.2 views

EUVD-2026-20628

opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 7:22 p.m.2 views

GHSA-W8RR-5GCM-PP58 opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

overview: this report shows that the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled or a network attacker can mitm t...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1229

Malicious code in bioql PyPI...

7.4CVSS5.8AI score0.02207EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/05/23 4:17 a.m.9 views

CVE-2023-48256

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request...

6.3CVSS7AI score0.00302EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/08/19 1:48 a.m.2 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/15 5:21 a.m.5 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/14 3:4 p.m.4 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/14 3:3 p.m.4 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/14 3:3 p.m.5 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
Rows per page
Query Builder