By weakness (CWE)
CWE-1027: related vulnerabilities
CVEs classified under CWE-1027. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2025-59874HIGH 8.1
HCL Hive Telco Observability contains a Content Security Policy (CSP) configuration weakness in its Keycloak authentication component. The application is missing critical CSP directives that browsers rely on to prevent injection attacks. This gap creates conditions for attackers to inject malicious scripts or styles if they can trick users into visiting a compromised or attacker-controlled page, potentially compromising session tokens or stealing sensitive observability data.