Lucene search
K

615 matches found

CVE
CVE
added 2026/07/01 9:15 p.m.13 views

CVE-2026-54704

OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 2:36 p.m.12 views

Critical: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

9.8CVSS6.7AI score0.03732EPSS
Exploits18References44
RedHat Linux
RedHat Linux
added 2026/06/29 4:41 p.m.7 views

Important: Red Hat Security Advisory: Kiali 2.11.13 for Red Hat OpenShift Service Mesh 3.1

Kiali 2.11.13 for Red Hat OpenShift Service Mesh 3.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.6CVSS6.8AI score0.01041EPSS
Exploits8References13
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 3:7 a.m.12 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.320 Vulnerability Details CVEID:CVE-2026-42009 DESCRIPTION: A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Securit...

9.8CVSS7.4AI score0.01335EPSS
Exploits4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 6:35 p.m.15 views

Malicious code in @mastra/observability (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d011342f74ef411523da8a4a42af220a5816766b2d519fd8f824ed35f33fdb2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/17 6:35 p.m.11 views

MAL-2026-6073 Malicious code in @mastra/observability (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d011342f74ef411523da8a4a42af220a5816766b2d519fd8f824ed35f33fdb2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/15 11:27 p.m.10 views

Important: Red Hat Security Advisory: Kiali 2.22.5 for Red Hat OpenShift Service Mesh 3.3

Kiali 2.22.5 for Red Hat OpenShift Service Mesh 3.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.2CVSS7.5AI score0.00848EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/15 10:39 p.m.12 views

Important: Red Hat Security Advisory: Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.2CVSS7.5AI score0.00848EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/06/15 10:32 p.m.15 views

Important: Red Hat Security Advisory: Kiali 2.17.9 for Red Hat OpenShift Service Mesh 3.2

Kiali 2.17.9 for Red Hat OpenShift Service Mesh 3.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.2CVSS7.5AI score0.00848EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/06/15 9:28 p.m.9 views

Important: Red Hat Security Advisory: Kiali 1.73.32 for Red Hat OpenShift Service Mesh 2.6

Kiali 1.73.32 for Red Hat OpenShift Service Mesh 2.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.2CVSS6.4AI score0.00848EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/15 2:53 p.m.17 views

Important: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

9.9CVSS6.5AI score0.01161EPSS
Exploits2References7
NVD
NVD
added 2026/06/12 3:16 p.m.12 views

CVE-2026-47141

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS0.00308EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:17 p.m.11 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS5.3AI score0.00308EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:17 p.m.13 views

EUVD-2026-36449

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS5.2AI score0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:17 p.m.31 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS0.00308EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 2:17 p.m.3 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS6AI score0.00308EPSS
Exploits0References5
CVE
CVE
added 2026/06/12 2:17 p.m.40 views

CVE-2026-47141

CVE-2026-47141 affects vm2 NodeVM where diagnostics_channel, async_hooks, and perf_hooks observability builtins were exposed to sandboxed code before patching in vm2 3.11.4. These process‑wide modules can leak host data (e.g., HTTP headers, AsyncResource state, performance entries) into the sandb...

6.9CVSS5.2AI score0.00308EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:40 a.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended...

9.1CVSS6AI score0.01736EPSS
Exploits7Affected Software1
Cvelist
Cvelist
added 2026/06/09 3:41 p.m.33 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS0.0021EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 p.m.12 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
Rows per page
Query Builder