4 matches found
CVE-2026-44213
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...
CVE-2026-48697
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...
Malicious code in nikou-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4634b70c99dd84c499d573350a00e86b09e8caaf34786d60b118ce12c64b426 utils/BotClient.js hardcodes a Feishu/Lark appId clia88b12e0b9b51013 and appSecret aBRv7CbiWuL7csrMavfLvc5sMW5B4Ky7 as default constructor values,...
OneUptime ClickHouse SQL Injection via Aggregate Query Parameters
Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...