Export limit exceeded: 357805 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357805 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357805 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45684 | 1 Opentelemetry | 2 Ebpf Instrumentation, Opentelemetry-ebpf-instrumentation | 2026-06-03 | 4.9 Medium |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can make OBI read and overwrite memory beyond the first segment. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-45683 | 1 Opentelemetry | 2 Ebpf Instrumentation, Opentelemetry-ebpf-instrumentation | 2026-06-03 | 3.8 Low |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-45681 | 1 Opentelemetry | 2 Ebpf Instrumentation, Opentelemetry-ebpf-instrumentation | 2026-06-03 | 5.9 Medium |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-45682 | 1 Opentelemetry | 2 Ebpf Instrumentation, Opentelemetry-ebpf-instrumentation | 2026-06-03 | 5.1 Medium |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-45680 | 1 Opentelemetry | 2 Ebpf Instrumentation, Opentelemetry-ebpf-instrumentation | 2026-06-03 | 5.9 Medium |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-45679 | 1 Opentelemetry | 2 Ebpf Instrumentation, Opentelemetry-ebpf-instrumentation | 2026-06-03 | 6.5 Medium |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis systems. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-45678 | 1 Opentelemetry | 2 Ebpf Instrumentation, Opentelemetry-ebpf-instrumentation | 2026-06-03 | 7.5 High |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond the end of the captured buffer and panic. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-47325 | 1 Projectsandprograms | 1 School Management System | 2026-06-03 | N/A |
| ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The application does not require or prompt users to change the password upon first login. This behavior allows attackers to easily guess or derive valid credentials, leading to unauthorized account access. The maintainers were notified early about this vulnerability but did not provide details regarding affected versions. The version corresponding to commit 6b6fae5 was tested and confirmed vulnerable; other versions were not tested and may also be affected. | ||||
| CVE-2026-9642 | 1 Delta Electronics | 1 Diaview | 2026-06-03 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-5385 | 1 Glpi-project | 1 Glpi | 2026-06-03 | N/A |
| An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7. | ||||
| CVE-2026-10273 | 1 Php-censor | 1 Php-censor | 2026-06-03 | 7.3 High |
| A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named cd68d102601320bd319d590b75f7652e66f0685f. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-4604 | 2026-06-03 | 6.1 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields. This issue affects SSO (Single Sign On): from 1.0 before 1.1. | ||||
| CVE-2024-3264 | 1 Miateknoloji | 1 Mia-med | 2026-06-03 | 5.3 Medium |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation. This issue affects Mia-Med Health Aplication: before 1.0.14. | ||||
| CVE-2024-1100 | 1 Vadi | 1 Digikent Gis | 2026-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through 2.23.5. | ||||
| CVE-2024-0851 | 1 Gruparge | 1 Smartpower | 2026-06-03 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection. This issue affects Smartpower: through V24.05.27. | ||||
| CVE-2022-31114 | 2026-06-03 | N/A | ||
| backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign, in order to trick users or admins into clicking a malicious link, which under very specific circumstances could give them information or possibly admin access. Versions 5.0.13, 4.1.69, and 4.0.63 patch the issue. As a workaround, manually look inside error views in `resources/views/errors` and output `e($exception->getMessage())` instead of `$exception->getMessage()`. | ||||
| CVE-2019-25719 | 1 Draeger | 2 Infinity Acute Care System, Standalone Infinity M540 Patient Monitor | 2026-06-03 | 8.6 High |
| Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attackers with access to an enabled Infinity network port or physical proximity to a wireless access point can modify device settings such as alarm states or alarm limits, and overwhelm the system with incoming data causing the device to reboot and lose network functionality. | ||||
| CVE-2026-10221 | 1 Nousresearch | 1 Hermes-agent | 2026-06-03 | 7.3 High |
| A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-45676 | 1 Opentelemetry | 2 Ebpf Instrumentation, Opentelemetry-ebpf-instrumentation | 2026-06-03 | 5.5 Medium |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-44545 | 2026-06-03 | 5.3 Medium | ||
| daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory consumption and a denial of service. | ||||