Lucene search
K

57 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/27 4:17 p.m.2 views

CVE-2025-15381

In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...

8.1CVSS7.1AI score0.00331EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 12:31 a.m.3 views

GHSA-FFQX-Q65F-36JF Grafana Tempo has Inadequate Encryption Strength

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Grafana thanks williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References5
NVD
NVD
added 2026/03/26 10:16 p.m.6 views

CVE-2026-28377

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS0.00155EPSS
Exploits0References1
Grafana
Grafana
added 2026/03/16 12:0 a.m.10 views

S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint

A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...

7.5CVSS5.8AI score0.00155EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.6 views

CVE-2026-25528

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...

5.8CVSS5.9AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 9:15 p.m.10 views

CVE-2026-25528

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...

5.8CVSS0.00282EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/09 8:53 p.m.3 views

Server-side Request Forgery (SSRF)

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper validation of apiurl and apikey fields in baggage headers in RunTree.fromheaders and...

7.5CVSS5.9AI score0.00282EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/09 8:8 p.m.6 views

CVE-2026-25528

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary apiurl values through the baggage header, causing the SDK to...

5.8CVSS5.9AI score0.00282EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/12/16 3:30 p.m.5 views

EUVD-2025-203699

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix null pointer dereference in bnxtbstracecheckwrap With older FW, we may get the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for FW trace data type that has not been initialized. This will result in a crash in...

5.9AI score0.00155EPSS
Exploits0References3
OSV
OSV
added 2025/12/16 2:15 p.m.1 views

UBUNTU-CVE-2025-68197

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix null pointer dereference in bnxtbstracecheckwrap With older FW, we may get the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for FW trace data type that has not been initialized. This will result in a crash in...

5.9AI score0.00155EPSS
Exploits0References10
CVE
CVE
added 2025/12/16 1:43 p.m.12 views

CVE-2025-68197

The CVE-2025-68197 issue affects the Linux kernel bnxt_en driver. It fixes a null pointer dereference in bnxt_bs_trace_check_wrap() that could occur when FW trace data type is uninitialized on older FW, leading to a crash in bnxt_bs_trace_type_wrap(). The patch adds a guard to verify a valid magi...

6AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2025/12/16 1:43 p.m.2 views

CVE-2025-68197 bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap()

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix null pointer dereference in bnxtbstracecheckwrap With older FW, we may get the ASYNCEVENTCMPLEVENTIDDBGBUFPRODUCER for FW trace data type that has not been initialized. This will result in a crash in...

6.3AI score0.00155EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-25436

Malware in sbrugna...

5.5CVSS5.8AI score0.00219EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-4925

Malware in sbrugna...

5CVSS6.4AI score0.01039EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-38649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinit...

5.5CVSS6.1AI score0.00158EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/24 4:7 p.m.4 views

CVE-2025-38649

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresightfindactivatedsysfssink function is...

5.5CVSS6.8AI score0.00158EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/18 12:0 a.m.7 views

PT-2025-2827 · Ibm · Ibm App Connect Enterprise

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 12.0.1.0 through 12.0.7.0 IBM App Connect Enterprise version 13.0.1.0 Description: The issue allows a privileged user to obtain JMS credentials under certain configurations. This is related to improper...

4.4CVSS6.4AI score0.00367EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/01/16 5:44 p.m.8 views

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.4 release

A new version of Red Hat OpenShift distributed tracing platform Tempo has been released Red Hat OpenShift distributed tracing platform based on Tempo. Tempo is an open-source, easy-to-use, and highly scalable distributed tracing backend. It provides observability for microservices architectures b...

9.1CVSS6.6AI score0.03153EPSS
Exploits2References3
Citrix
Citrix
added 2024/07/02 12:0 a.m.9 views

Citrix CDFControl Service How to Save Logs On A UNC Network Share

Sometimes it may be necessary to save trace data to a shared network folder, for example, crash/hang issues with non-persistent VDAs or due to local disk space constraints...

6.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/05/21 2:20 p.m.21 views

CVE-2021-47274 tracing: Correct the length check which causes memory corruption

In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption on our production environment, like, Call Trace: 1640542.554277 general protection fault: 0000 1...

7AI score0.01261EPSS
Exploits0References7
Rows per page
Query Builder