15 matches found

Vulnrichment
added yesterday, 4 views

CVE-2025-59874 HCL Hive Telco Observability is affected by a "Required directives missing from the CSP" issue.

HCL Hive Telco Observability is affected by a "Required directives missing from the CSP" issue detected in the Keycloak component of the web application. Missing essential directives can leave a site vulnerable...

CVSS 8.1, AI score 5.7
Exploits 0, References 1

Positive Technologies
added 2025/11/18 12:00 a.m., 4 views

PT-2025-47273

Name of the Vulnerable Software and Affected Versions: SolarWinds Observability versions (affected versions not specified). Description: The SolarWinds Platform is affected by a cross-site scripting (XSS) issue impacting user-created URL fields. Exploitation requires authentication from a low-level...

CVSS 5.4, AI score 5.8, EPSS 0.00017
Exploits 0, References 6

RedhatCVE
added 2025/08/30 6:21 p.m., 2 views

CVE-2025-52218

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text Injection. Improper sanitization of unspecified parameters allows attackers to inject arbitrary text or limited HTML into the login page...

CVSS 7.5, AI score 7, EPSS 0.00059
Exploits 0, References 1

OSV
added 2025/08/26 3:15 p.m., 1 view

CVE-2025-52217

SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML...

CVSS 5.4, AI score 5.9
Exploits 0, References 1

CNNVD
added 2025/08/26 12:00 a.m., 1 view

SelectZero Data Observability Platform security vulnerability

SelectZero Data Observability Platform is a data processing platform from SelectZero Estonia. A security vulnerability exists in SelectZero Data Observability Platform versions prior to 2025.5.2, which stems from an open redirection that exists in an old UI field...

CVSS 6.5, AI score 6.7, EPSS 0.00053
Exploits 0, References 2

CVE
added 2025/08/26 12:00 a.m., 11 views

CVE-2025-52217

The CVE-2025-52217 vulnerability affects SelectZero Data Observability Platform prior to version 2025.5.2. The issue stems from improper handling of user-supplied input in legacy UI fields, enabling HTML injection. Impact is HTML injection via these UI components; attack vector is user interactio...

CVSS 5.4, AI score 6.8, EPSS 0.00043
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2025/08/06 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-3415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed t...

CVSS 4.3, AI score 5.5, EPSS 0.00438
Exploits 0, References 2

NVD
added 2024/07/25 9:15 p.m., 16 views

CVE-2024-41809

OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of openobserve/web/src/views/MemberSubscription.vue. Version 0.10.0 sanitizes incoming html...

CVSS 7.2, EPSS 0.0037
Exploits 0, References 4

CVE
added 2024/07/25 8:22 p.m., 53 views

CVE-2024-41809

CVE-2024-41809 OpenObserve XSS: The OpenObserve platform contains a cross-site scripting vulnerability in the file openobserve/web/src/views/MemberSubscription.vue (line 32) present in versions before 0.10.0. The issue is fixed in 0.10.0, which sanitizes incoming HTML. Several connected sources ...

CVSS 7.2, AI score 6.7, EPSS 0.0037
Exploits 0, References 4, Affected Software 1

CVE
added 2024/07/25 8:10 p.m., 46 views

CVE-2024-41808

CVE-2024-41808 concerns the OpenObserve open‑source observability platform. Multiple connected sources confirm that versions through 0.9.1 do not sufficiently sanitize user input in the log filter selection menu, creating a path to a full account takeover when combined with insecure frontend auth...

CVSS 8.8, AI score 8.1, EPSS 0.01019
Exploits 1, References 1, Affected Software 1

NVD
added 2024/02/08 11:15 p.m., 12 views

CVE-2024-25106

OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/orgid/users/emailid" endpoint. This vulnerability allows any authenticated user within an organization to...

CVSS 9.1, AI score 8.9, EPSS 0.00084
Exploits 1, References 1

NVD
added 2024/02/08 11:15 p.m., 11 views

CVE-2024-24830

OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...

CVSS 9.9, AI score 9.4, EPSS 0.00121
Exploits 1, References 1

CVE
added 2024/02/08 11:09 p.m., 137 views

CVE-2024-24830

CVE-2024-24830 affects OpenObserve. The vulnerability lies in the "/api/{org_id}/users" endpoint, where the payload allows an authenticated regular user (member) to create new users with elevated privileges, including the root role. The root cause is that the user creation process does not valida...

CVSS 9.9, AI score 8.6, EPSS 0.00121
Exploits 1, References 1, Affected Software 1

CVE
added 2024/02/08 11:05 p.m., 79 views

CVE-2024-25106

OpenObserve CVE-2024-25106 affects OpenObserve versions prior to 0.8.0. The issue is an Authorization flaw in the remove_user_from_org flow exposed at /api/{org_id}/users/{email_id}, allowing any authenticated organizational member to remove any other member (including Admin/Root), due to insuffi...

CVSS 9.1, AI score 6.3, EPSS 0.00084
Exploits 1, References 1, Affected Software 1

Prion
added 2022/07/15 1:15 p.m., 24 views

Authorization

Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...

CVSS 4.6, AI score 7.2, EPSS 0.00941
Exploits 0, References 5, Affected Software 1