70 matches found
CVE-2025-64744
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
CVE-2025-64744 OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
CVE-2025-64744
OpenObserve vulnerable to HTML injection in organization invitation emails. Affected versions up to 0.16.1 render HTML from user-supplied organization names in email templates due to insufficient HTML escaping. As of publication, no patched versions are available (multiple sources corroborate acr...
CVE-2025-64744 OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
EUVD-2025-175381
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
CVE-2025-64744 OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
PT-2025-46906
Name of the Vulnerable Software and Affected Versions OpenObserve versions prior to 0.16.2 Description OpenObserve is a cloud-native observability platform. When creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This occurs because...
OpenObserve 跨站脚本漏洞
OpenObserve is a cloud-native observability platform open-sourced by OpenObserve. A cross-site scripting vulnerability exists in OpenObserve 0.16.1 and prior versions that stems from user-controlled input not properly escaping HTML when inserted into an email template, which could lead to...
EUVD-2024-52862
Malicious code in bioql PyPI...
EUVD-2024-39198
Malicious code in bioql PyPI...
EUVD-2024-22193
Malicious code in bioql PyPI...
EUVD-2024-39197
Malicious code in bioql PyPI...
EUVD-2024-22468
Malicious code in bioql PyPI...
CVE-2024-24830
OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...
CVE-2024-25106
OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/orgid/users/emailid" endpoint. This vulnerability allows any authenticated user within an organization to...
CVE-2024-55954
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...
CVE-2024-55954
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...
CVE-2024-55954 OpenObserve Improper Authorization Allows Admin User to Remove Root User
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...
CVE-2024-55954 OpenObserve Improper Authorization Allows Admin User to Remove Root User
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...
CVE-2024-55954 OpenObserve Improper Authorization Allows Admin User to Remove Root User
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint /api/orgid/users/emailid allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the...