280 matches found
springboot-openai-chatgpt Security Vulnerability
springboot-openai-chatgpt is a SpringCloud-based microservices architecture by the individual developer 274056675. A security vulnerability exists in springboot-openai-chatgpt that stems from a business logic error and could lead to a remote attack...
Important: Red Hat Security Advisory: Streams for Apache Kafka 2.9.0 release and security update
Streams for Apache Kafka 2.9.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2025-25286
Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessible installations of Homarus in certain configurations. The issue has been patched in...
CVE-2025-25286 Crayfish allows Remote Code Execution via Homarus Authorization header
Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish version 4.1.0, remote code execution may be possible in web-accessible installations of Homarus in certain configurations. The issue has been patched in...
CVE-2025-25286
CVE-2025-25286 affects Crayfish’s Homarus FFmpeg microservice. Prior to Crayfish 4.1.0, remote code execution could occur in web-accessible installations in certain configurations. The issue has been patched in islandora/crayfish:4.1.0. Workarounds include preventing Internet access to Homarus or...
Crayfish Security Vulnerability
Crayfish is a collection of Islandora microservices open-sourced by Islandora. A security vulnerability exists in Crayfish that stems from remote code execution that can occur in Homarus installations that are accessible via the Web under certain configurations...
Malicious code in starter-monorepo-microservices (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-871 Malicious code in starter-monorepo-microservices (npm)
--- -= Per source details. Do not edit below this line.=-...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes ingress-nginx (CVE-2024-7646)
Summary: A vulnerability in Kubernetes ingress-nginx that is used by InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2024-7646. DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
A new version of Red Hat OpenShift distributed tracing platform Jaeger has been released. Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is us...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.4 release
A new version of Red Hat OpenShift distributed tracing platform Tempo has been released. Red Hat OpenShift distributed tracing platform based on Tempo. Tempo is an open-source, easy-to-use, and highly scalable distributed tracing backend. It provides observability for microservices architectures b...
Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.4 release
A new version of Red Hat OpenShift distributed tracing platform Tempo has been released. Red Hat OpenShift distributed tracing platform based on Tempo. Tempo is an open-source, easy-to-use, and highly scalable distributed tracing backend. It provides observability for microservices architectures b...
How Is API Abuse Different from Web Application Attacks by Bots?
API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to...
Monitoring Distributed Microservices
As data and usage grow, apps adopt distributed microservices with load balancers for scalability. Monitoring error rates, resource…...
Important: Red Hat Enhancement Advisory: Red Hat OpenShift Pipelines Operator Bundle 1.16.0 release
Red Hat OpenShift Pipelines 1.16.0 has been released. Red Hat OpenShift Pipelines is a cloud-native continuous integration and delivery (CI/CD) solution for building pipelines using Tekton. Tekton is a flexible, Kubernetes-native, open-source CI/CD framework which enables automating deployments...
Apache Seata Deserialization Vulnerability
Apache Seata is an open source distributed transaction solution committed to providing high-performance, easy-to-use distributed transaction services in a microservices architecture. Apache Seata suffers from a deserialization vulnerability that can be exploited by a remote attacker to...