EUVD-2026-3069

Malicious code in js-observability npm...

Malicious code in js-observability (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec70afb236a90dfd2de166a3fe7626fc3c10526de7dffda8468c0a8eccaf964b The package js-observability was found to contain malicious code. Source: ghsa-malware e73e93c1fefbabe1cd40c1fafdb7cd01b97aae241106ecee4aad599c02756d...

MAL-2026-289 Malicious code in js-observability (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec70afb236a90dfd2de166a3fe7626fc3c10526de7dffda8468c0a8eccaf964b The package js-observability was found to contain malicious code. Source: ghsa-malware e73e93c1fefbabe1cd40c1fafdb7cd01b97aae241106ecee4aad599c02756d...

CVE-2024-39901

OpenSearch Observability is collection of plugins and applications that visualize data-driven events. An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when...

CVE-2024-41809

OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of openobserve/web/src/views/MemberSubscription.vue. Version 0.10.0 sanitizes incoming html...

Kasten Prometheus Export via remote_write

Purpose Kasten now supports exporting metrics from the embedded Prometheus to external backends using Prometheus's remotewrite capability. This feature supports the collection, aggregation, and visualization of cluster and multi-cluster metrics in monitoring tools like Grafana Cloud and Datadog...

VScanX

VScanX - Ethical Vulnerability Scanner !Versionhttps://img...

Explainable AI Agents: Capture LLM Tool Call Reasoning with Spring AI

When building AI agents with tool calling capabilities, developers often need insights into why an LLM chose a particular tool—not just which tool it selected. Understanding the model's reasoning process is important for debugging, observability, and building trustworthy AI systems. Spring AI now...

@agentuity/evals (>=0.0.104 <=2.0.23), @agentuity/hono (>=3.0.0-alpha.0 <=3.0.0-beta.4) +291 more potentially affected by CVE-2025-68154 via systeminformation (>=5.0.6 <=5.27.13)

systeminformation NPM version =5.0.6, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =0.0.0-test.0, =0.0.0-test.0, =0.0.0-test.0, =5.0.0-private.20260319 and more Source cves: CVE-2025-68154 Source...

Important: Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2

Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2 Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fixes:...

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.309 Vulnerability Details CVEID:CVE-2025-9900 DESCRIPTION: A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafte...

Important: Red Hat Security Advisory: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0 Kiali 2.4.11, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently Security Fixes:...

Microsoft Azure Monitor 代码问题漏洞

Microsoft Azure Monitor is a newer observability tool from Microsoft USA that enables end-to-end monitoring capabilities for applications, infrastructure and networks. A code issue vulnerability exists in Microsoft Azure Monitor that stems from an elevation of privilege vulnerability...

Kibana 8.12.x < 8.19.7 / 9.1.x < 9.1.7 / 9.2.x < 9.2.1 (ESA-2025-24)

The version of Kibana installed on the remote host is prior to 8.19.7, 9.1.7, or 9.2.1. It is, therefore, affected by a vulnerability as referenced in the ESA-2025-24 advisory. - Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by...

CVE-2025-40545

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...

CVE-2025-26391

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...

CVE-2025-40545

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...

CVE-2025-40545

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...

CVE-2025-26391

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...

CVE-2025-26391

SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account...