Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N/A

Source -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
0Vulnerabilities found
CVE-2025-2586
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.33%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 11:33
Updated-08 Aug, 2025 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ols: unauthenticated metrics flooding in openshift lightspeed service leading to resource exhaustion

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.

Action-Not Available
Vendor-Red Hat, Inc.
Product-OpenShift Lightspeed
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-11831
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.52% / 65.87%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 15:27
Updated-20 Aug, 2025 | 22:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Container Platform 3.11Red Hat Advanced Cluster Security 4.4RHODF-4.18-RHEL-9Logging Subsystem for Red Hat OpenShiftRed Hat Ceph Storage 8Red Hat Process Automation 7RHODF-4.16-RHEL-9Red Hat JBoss Enterprise Application Platform 7OpenShift Service Mesh 2Migration Toolkit for VirtualizationRed Hat Fuse 7OpenShift LightspeedRed Hat Enterprise Linux 10Red Hat Trusted Profile AnalyzerRed Hat Discovery 1Red Hat Quay 3Red Hat Satellite 6Cryostat 3Red Hat OpenShift Dev SpacesRed Hat JBoss Enterprise Application Platform 8RHODF-4.14-RHEL-9Red Hat Ansible Automation Platform 2Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Data Grid 8Red Hat Enterprise Linux 8RHODF-4.15-RHEL-9Red Hat Enterprise Linux 9Red Hat 3scale API Management Platform 2RHODF-4.17-RHEL-9Red Hat Advanced Cluster Security 4.5Red Hat build of OptaPlanner 8Red Hat Developer Hub.NET 6.0 on Red Hat Enterprise LinuxRed Hat OpenShift distributed tracing 3Red Hat Single Sign-On 7Red Hat OpenShift AI (RHOAI)Red Hat Advanced Cluster Management for Kubernetes 2Red Hat OpenShift Container Platform 4Red Hat Ceph Storage 7OpenShift ServerlessRed Hat build of Apicurio Registry 2Red Hat build of Apache Camel - HawtIO 4Red Hat Advanced Cluster Security 4OpenShift PipelinesRed Hat Integration Camel K 1
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')