5.3
CVE-2026-41484 - OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error respon…
OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the ent…
5.9
CVE-2026-41483 - Unbounded HTTP response body read in OpenTelemetry.Resources.Azure
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker who…
5.3
CVE-2026-41310 - OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spans…
5.3
CVE-2026-41417 - Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri…
Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does not apply the same va…
5.4
CVE-2026-40296 - PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal c…
10
CVE-2026-40281 - Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate argu…
7.1
CVE-2026-40251 - Incus out-of-bounds panic in snapshot metadata handling allows denial of service
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an out-of-b…
2.3
CVE-2026-40243 - Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation
Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with cus…
7.1
CVE-2026-40197 - Incus nil-pointer dereference in custom volume import allows denial of service
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem contain…
7.1
CVE-2026-40195 - Incus nil-pointer dereference in storage bucket import allows denial of service
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup metada…