4 matches found

CVE
added 2026/05/06 8:58 p.m. · 15 views

CVE-2026-41483

OpenTelemetry.Resources.Azure (Azure VM resource detector) suffers from unbounded HTTP response body reads in AzureVmMetaDataRequestor when contacting the Azure VM metadata endpoint, causing unbounded memory usage and potential DoS. The issue affects versions 1.15.0-beta.1 and earlier; it is fixe...

CVSS 5.9 · AI score 5.8 · EPSS 0.00323
Exploits: 0 · References: 2 · Affected Software: 1
Patchstack
added 2026/05/05 12:26 a.m. · 4 views

NPM: Axios: HTTP adapter streamed responses bypass maxContentLength

NPM: Axios: HTTP adapter streamed responses bypass maxContentLength vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

CVSS 5.3 · AI score 5.8 · EPSS 0.00421
Exploits: 1 · References: 3 · Affected Software: 1
Prion
added 2024/01/30 6:15 p.m. · 23 views

Design/Logic Flaw

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response returns HTML tags and that the web application is using streamed responses (non-RSC). This vulnerability is...

CVSS 5.8 · AI score 6.9 · EPSS 0.00355
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/01/30 12:0 a.m. · 5 views

PT-2024-20447 · Npm · @Urql/Next

Name of the Vulnerable Software and Affected Versions: @urql/next versions prior to 1.1.1

Description: The @urql/next package is vulnerable to XSS due to improper escaping of HTML-like characters in the response stream. To exploit this, an attacker would need to ensure that the response returns...

CVSS 7.2 · AI score 6.1 · EPSS 0.00355
Exploits: 0 · References: 9