Search CVE reports

Toggle filters

331 – 340 of 33882 results

Status is adjusted based on your filters.

CVE-2026-39883

Medium priority
Needs evaluation

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the...

1 affected package

golang-opentelemetry-otel

Package 24.04 LTS
golang-opentelemetry-otel Needs evaluation
Show less packages

CVE-2026-39882

Medium priority
Needs evaluation

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for...

1 affected package

golang-opentelemetry-otel

Package 24.04 LTS
golang-opentelemetry-otel Needs evaluation
Show less packages

CVE-2026-39864

Medium priority
Needs evaluation

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service...

1 affected package

kamailio

Package 24.04 LTS
kamailio Needs evaluation
Show less packages

CVE-2026-39863

Medium priority
Needs evaluation

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service...

1 affected package

kamailio

Package 24.04 LTS
kamailio Needs evaluation
Show less packages

CVE-2026-39865

Medium priority
Needs evaluation

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash...

1 affected package

node-axios

Package 24.04 LTS
node-axios Needs evaluation
Show less packages

CVE-2026-5795

Medium priority
Needs evaluation

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the...

2 affected packages

jetty, jetty9

Package 24.04 LTS
jetty Not in release
jetty9 Needs evaluation
Show less packages

CVE-2026-33810

Medium priority
Needs evaluation

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-32289

Medium priority
Needs evaluation

Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-32288

Medium priority
Needs evaluation

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages

CVE-2026-32283

Medium priority
Needs evaluation

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only...

16 affected packages

golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...

Package 24.04 LTS
golang Not in release
golang-1.6 Not in release
golang-1.8 Not in release
golang-1.9 Not in release
golang-1.10 Not in release
golang-1.13 Not in release
golang-1.14 Not in release
golang-1.16 Not in release
golang-1.17 Not in release
golang-1.18 Not in release
golang-1.20 Not in release
golang-1.21 Needs evaluation
golang-1.22 Needs evaluation
golang-1.23 Needs evaluation
golang-1.24 Needs evaluation
golang-1.25 Not in release
Show all 16 packages Show less packages
  1. Previous page
  2. 32
  3. 33
  4. 34
  5. 35
  6. 36
  7. Next page
Export to JSON