607 matches found
Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.306 Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within...
CVE-2025-57564
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
CVE-2025-57564
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
PT-2025-41008
Name of the Vulnerable Software and Affected Versions CubeAPM version nightly-2025-08-01-1 Description The software allows unauthenticated attackers to inject arbitrary log entries into production systems. This is possible through the /api/logs/insert/elasticsearch/ bulk API endpoint, which accep...
EUVD-2025-32855
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
CVE-2025-57564
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/bulk endpoint. This endpoint accepts bulk log data without requiring authentication or input validation, allowing remote attackers to perform...
CVE-2025-57564
CVE-2025-57564 affects CubeAPM core (nightly-2025-08-01-1). An unauthenticated attacker can inject arbitrary log entries via the /api/logs/insert/elasticsearch/_bulk endpoint due to lack of authentication/input validation, potentially causing log poisoning, false entries, alert obfuscation, and o...
EUVD-2023-47250
Malicious code in bioql PyPI...
EUVD-2025-17689
Malicious code in bioql PyPI...
EUVD-2025-17686
Malicious code in bioql PyPI...
EUVD-2024-0616
Malicious code in bioql PyPI...
EUVD-2025-10273
Malicious code in bioql PyPI...
EUVD-2022-28551
Malicious code in bioql PyPI...
EUVD-2023-1909
Malicious code in bioql PyPI...
EUVD-2024-46265
Malicious code in bioql PyPI...
EUVD-2024-46266
Malicious code in bioql PyPI...
EUVD-2023-12818
Malicious code in bioql PyPI...
EUVD-2023-41305
Malicious code in bioql PyPI...
EUVD-2024-29857
Malicious code in bioql PyPI...
EUVD-2022-50273
Malicious code in bioql PyPI...