Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus to version 3.5.3 fixes the following issues: Security issues fixed: CVE-2026-42151: AzureAD remote write: Fixed OAuth clientsecret being exposed in plaintext via /-/config endpoint bsc1263986 CVE-2026-42154: Remote-read: Reject snappy-compressed...

GHSA-7C64-F9JR-V9H2 vulnerabilities

Vulnerabilities for packages: github-mcp-server, rabbitmq-messaging-topology-operator-fips, vendir-fips, kubeflow-fips, ratify-fips, spire-controller-manager-fips, fuse-overlayfs-snapshotter, nri-nginx, harbor-scanner-trivy-fips, kube-bench, conftest-fips, multus-cni-fips, falco-exporter-fips,...

EUVD-2021-9660

Malicious code in bioql PyPI...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVE-2021-22518

A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0...

CVE-2021-22518

Summary: CVE-2021-22518 affects the OpenText Identity Manager AzureAD Driver. The vulnerability enables logging of sensitive information into log files in all versions before 5.1.4.0. Reported impact is confidentiality risk (high), with limited other impacts (integrity/availability not affected p...

CVE-2021-22518 Sensitive Information logging in NetIQ Identity Manager Driver

A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0...

CVE-2021-22518 Sensitive Information logging in NetIQ Identity Manager Driver

A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0...

Reportly - An AzureAD User Activity Report Tool

Reportly is an AzureAD user activity report tool. About the tool This is a tool that will help blue teams during a cloud incident. When running the tool, the researcher will enter as input a suspicious user and a time frame and will receive a report detailing the following: 1. Information about t...

This Week in Spring - March 7th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's an amazing week, and this week we've got a lot to look at. Let's dive right into it. Spring Cloud Function for Azure Function Spring Data 2022.0.3 and 2021.2.9 released Spring R2DBC for Reactive Relational Databases in...

AzureRT - A Powershell Module Implementing Various Azure Red Team Tactics

Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command...

PowerZure - PowerShell Framework To Assess Azure Security

For a list of functions, their usage, and more, check outhttps://powerzure.readthedocs.io What is PowerZure? PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can both...

Microsoft Offers Pro-Tips on Avoiding Credential Theft

With the scourge of digital credential theft on the rise Microsoft is urging IT admin to button-up their networks and get serious about passwords and account security. The IT behemoth posted on Tuesday a best practices cheat sheet for administrators along with updating customers on some of the...