Nagios XI < 5.8.6 - Cross-Site Scripting

In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard. id: CVE-2021-38156 info: name: Nagios XI 5.8.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | In Nagios XI before 5.8.6, XSS exists in the...

ROOT-OS-UBUNTU-2404-CVE-2025-38156 CVE-2025-38156 in rootio-linux - Patched by Root

Root has patched CVE-2025-38156 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

MAL-2025-38156 Malicious code in vbozeu (npm)

The package vbozeu was found to contain malicious code...

BELL-CVE-2025-38156

Bulletin has no description...

CVE-2025-38156

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix null-ptr-deref in mt7996mmiowedinit devmioremap returns NULL on error. Currently, mt7996mmiowedinit does not check for this case, which results in a NULL pointer dereference. Prevent null pointer dereferen...

CVE-2025-38156

CVE-2025-38156 is a Linux kernel vulnerability affecting the mt76 wifi driver and specifically the mt7996_mmio_wed_init() path. The root cause is that devm_ioremap() may return NULL on error and mt7996_mmio_wed_init() did not check for this, causing a NULL pointer dereference. Affected: Linux ker...

CVE-2024-38156

creationtimestamp| type| source ---|---|--- 2024-07-19 05:20:10+00:00| seen| https://t.me/cvedetector/1184 2025-05-03 00:16:48+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14633...

CVE-2024-38156

Microsoft Edge Chromium-based Spoofing Vulnerability...

CVE-2024-38156

CVE-2024-38156 affects Microsoft Edge (Chromium-based). The connected sources describe a UI spoofing (SUI) vulnerability in Edge where the web page structure protection is insufficient, enabling a deceptive user interface. Root cause: inadequate protection of page structure allows spoofing of UI ...

CVE-2024-38156 Microsoft Edge (Chromium-based) Spoofing Vulnerability

...

CVE-2024-38156 Microsoft Edge (Chromium-based) Spoofing Vulnerability

...

CVE-2023-38156

Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability...

CVE-2023-38156

CVE-2023-38156 concerns Azure HDInsight Ambari. Connected sources describe a privilege-escalation via insufficient access controls in Azure HDInsight Ambari/JDBC pathways, enabling a remote attacker to gain elevated privileges. The issue is reported for Azure HDInsight and Ambari components, with...

CVE-2022-38156

A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband NB before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user...

CVE-2022-38156

The CVE-2022-38156 entry concerns Kratos SpectralNet Narrowband (NB) before version 1.7.5. The vulnerability is a remote command injection in the device’s web server, allowing an admin to provide a crafted password that can execute Linux commands as root. Affected component: SpectralNet NB web se...

CVE-2022-38156

A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband NB before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user...

CVE-2021-38156

creationtimestamp| type| source ---|---|--- 2021-09-15 18:22:33+00:00| seen| https://t.me/cibsecurity/28907 2021-10-05 12:34:09+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/644 2021-10-05 13:51:13+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/645...

CVE-2021-38156

In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard...

CVE-2021-38156

Nagios XI prior to 5.8.6 contains a cross-site scripting (XSS) flaw in the dashboard page (/dashboards/#) when an administrator edits a dashboard. The issue is authenticated, allowing injection of JavaScript that could compromise admin sessions or perform privileged actions. A fix is available: u...