Lucene search
+L

1228 matches found

Debian CVE
Debian CVE
added 2026/04/24 2:42 p.m.4 views

CVE-2026-31628

In the Linux kernel, the following vulnerability has been resolved: x86/CPU: Fix FPDSS on Zen1 Zen1's hardware divider can leave, under certain circumstances, partial results from previous operations. Those results can be leaked by another, attacker thread. Fix that with a chicken bit...

5.5CVSS5.2AI score0.00129EPSS
Exploits0
Snyk
Snyk
added 2026/04/24 10:19 a.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS through the query process. An attacker can exhaust system memory and impact service availability by submitting queries with excessively large limits. Workaround This vulnerability can be mitigated by setting...

8.7CVSS5.8AI score0.00645EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/24 9:30 a.m.24 views

Grafana Tempo has an Uncontrolled Resource Consumption issue

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.8AI score0.00645EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/24 9:30 a.m.64 views

GHSA-P4R4-XVRQ-GVMC Grafana Tempo has an Uncontrolled Resource Consumption issue

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.8AI score0.00645EPSS
Exploits0References8
NVD
NVD
added 2026/04/24 9:16 a.m.11 views

CVE-2026-21728

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS0.00645EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/24 8:0 a.m.56 views

CVE-2026-21728 Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS0.00645EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 8:0 a.m.4 views

CVE-2026-21728 Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS7AI score0.00645EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 8:0 a.m.7 views

EUVD-2026-25408

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

7.5CVSS5.2AI score0.00645EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 8:0 a.m.58 views

CVE-2026-21728

CVE-2026-21728 affects Grafana Tempo: queries with large limits can trigger large memory allocations, potentially impacting service availability depending on deployment. Technical detail across sources confirms the issue arises from unbounded or excessive memory usage during large-limit tempo que...

7.5CVSS7AI score0.00645EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 8:0 a.m.11 views

CVE-2026-21728

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS7AI score0.00645EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/04/24 8:0 a.m.4 views

CVE-2026-21728 Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18. Alternatively, automatically restart the service...

7.5CVSS7AI score0.00645EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.17 views

PT-2026-34868

Name of the Vulnerable Software and Affected Versions Tempo affected versions not specified Description Queries with large limits can cause excessive memory allocations, which may impact service availability depending on the deployment strategy. Recommendations Set the max result limit in the...

7.5CVSS5.9AI score0.00645EPSS
Exploits0References12
EUVD
EUVD
added 2026/04/20 6:31 p.m.8 views

EUVD-2026-23931

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/20 6:31 p.m.10 views

Duplicate Advisory: OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mr34-9552-qr95. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowi...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/20 6:31 p.m.7 views

GHSA-QC5J-2MQX-X83Q Duplicate Advisory: OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mr34-9552-qr95. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowi...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References6
NVD
NVD
added 2026/04/20 6:16 p.m.12 views

CVE-2026-41389

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS0.00264EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/20 5:48 p.m.4 views

CVE-2026-41389 OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/20 5:48 p.m.31 views

CVE-2026-41389 OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS0.00264EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/20 5:48 p.m.4 views

CVE-2026-41389

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/20 5:48 p.m.3 views

CVE-2026-41389 OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

6.3CVSS6AI score0.00264EPSS
Exploits0References7
Rows per page
Query Builder