Important: Red Hat Security Advisory: Kiali 2.22.5 for Red Hat OpenShift Service Mesh 3.3

Kiali 2.22.5 for Red Hat OpenShift Service Mesh 3.3 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.3. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Moderate. A Commo...

Important: Red Hat Security Advisory: Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.0. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Moderate. A Commo...

Important: Red Hat Security Advisory: Kiali 2.17.9 for Red Hat OpenShift Service Mesh 3.2

Kiali 2.17.9 for Red Hat OpenShift Service Mesh 3.2 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.2. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Moderate. A Commo...

Important: Red Hat Security Advisory: Kiali 1.73.32 for Red Hat OpenShift Service Mesh 2.6

Kiali 1.73.32 for Red Hat OpenShift Service Mesh 2.6 is now available. An update is now available for Red Hat OpenShift Service Mesh 2.6. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Moderate. A Comm...

Important: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

CVE-2026-47141

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

EUVD-2026-36449

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

CVE-2026-47141

CVE-2026-47141 affects vm2 NodeVM where diagnostics_channel, async_hooks, and perf_hooks observability builtins were exposed to sandboxed code before patching in vm2 3.11.4. These process‑wide modules can leak host data (e.g., HTTP headers, AsyncResource state, performance entries) into the sandb...

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended...

CVE-2026-28301

Technical specifics (affected products, versions, root cause, exploitability, mitigations) are not provided in the connected documents. Monitor for updates.

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

SolarWinds Observability Self-Hosted 输入验证错误漏洞

SolarWinds Observability Self-Hosted is an observability platform developed by the American company SolarWinds. SolarWinds Observability Self-Hosted has a vulnerability related to input validation errors. This vulnerability arises when attackers can provide a specially crafted external URL,...

Important: Red Hat Security Advisory: Network Observability 1.12.0 for OpenShift

Network Observability 1.12 for Red Hat OpenShift. Network flows collector and monitoring solution...

CVE-2025-59874

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable...

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...

CVE-2025-59874

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable...

CVE-2025-59874

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable...