
9 matches found

RedhatCVE
added 2026/01/09 8:34 a.m. | 8 views

CVE-2024-41809

OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of openobserve/web/src/views/MemberSubscription.vue. Version 0.10.0 sanitizes incoming html...

CVSS 7.2 | AI score 6.7 | EPSS 0.0037
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/13 8:30 p.m. | 4 views

CVE-2025-64744 OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...

CVSS 3.5 | AI score 6.2 | EPSS 0.00027
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-22468

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.6 | EPSS 0.00065
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-52862

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.6 | EPSS 0.00161
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 1:4 p.m. | 10 views

CVE-2024-25106

OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/orgid/users/emailid" endpoint. This vulnerability allows any authenticated user within an organization to...

CVSS 9.1 | AI score 6.7 | EPSS 0.00065
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 12:32 a.m. | 7 views

CVE-2024-55954

OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...

CVSS 8.7 | AI score 8.4 | EPSS 0.00161
Exploits: 0 | References: 1
NVD
added 2025/01/16 8:15 p.m. | 7 views

CVE-2024-55954

OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...

CVSS 8.7 | EPSS 0.00161
Exploits: 0 | References: 2
CVE
added 2025/01/16 7:30 p.m. | 72 views

CVE-2024-55954

OpenObserve CVE-2024-55954 affects the DELETE /api/{org_id}/users/{email_id} endpoint, where insufficient role checks in remove_user_from_org allow an Admin to remove a Root user. The root cause is improper authorization within the user management endpoint, enabling a non-root to delete a highest...

CVSS 8.7 | AI score 8.4 | EPSS 0.00161
Exploits: 0 | References: 2
CNNVD
added 2025/01/16 12:0 a.m. | 3 views

OpenObserve Security Vulnerability

OpenObserve is a cloud-native observability platform open-sourced by OpenObserve. A security vulnerability exists in OpenObserve versions prior to 0.14.1, which stems from insufficient role checking in the user management endpoint /api/orgid/users/emailid, which violates a predetermined permissio...

CVSS 8.7 | AI score 6.6 | EPSS 0.00161
Exploits: 0 | References: 3