20 matches found
MAL-2025-40577 Malicious code in yonder-35awi-4hhep-ripple-project (npm)
The package yonder-35awi-4hhep-ripple-project was found to contain malicious code...
TencentOS Server 4: alertmanager (TSSA-2024:0822)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0822 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-40577
creationtimestamp | type | source
---|---|---
2025-05-13 10:30:21+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16098
2025-05-13 10:48:12+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2cmzo5rjk2
2025-05-13 10:52:38+00:00 | seen | ...
CVE-2025-40577
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash o...
CVE-2025-40577
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash o...
CVE-2025-40577
The CVE-2025-40577 issue affects Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) with all versions below 4.0 HF0. An unauthenticated remote attacker can send a crafted Profinet packet that causes the dcpd process to crash, due to improper validation of incoming Profinet packets. Public sources (NVD...
CVE-2025-40577
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash o...
Linux Distros Unpatched Vulnerability : CVE-2023-40577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the...
openSUSE Security Advisory (SUSE-SU-2024:0512-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : golang-github-prometheus-alertmanager (SUSE-SU-2024:0512-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0512-1 advisory. golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 (jsc#PED-7353): - Version 0.26.0: Security fixes: -...
SUSE-SU-2024:0512-1 Security update for golang-github-prometheus-alertmanager
This update for golang-github-prometheus-alertmanager fixes the following issues: golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 (jsc#PED-7353): - Version 0.26.0: Security fixes: + CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI...
Debian dla-3609 : golang-github-prometheus-alertmanager-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3609 advisory. Debian LTS Advisory DLA-3609-1 https://www.debian.org/lts/security/...
CVE-2023-40577
Prometheus Alertmanager is vulnerable to cross-site scripting due to improper validation of user-supplied input by the /api/v1/alerts endpoint. This issue could allow a remote attacker to inject malicious script into a web page, which would be executed in a victim's web browser within the hosting...
CVE-2023-40577 vulnerabilities
Vulnerabilities for packages: promxy, prometheus-alertmanager...
UBUNTU-CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...
CVE-2023-40577
CVE-2023-40577 affects Prometheus Alertmanager. The issue allows an attacker with POST permission on the /api/v1/alerts endpoint to cause arbitrary JavaScript execution in users of Alertmanager (stored XSS). The vulnerability is tied to the Alertmanager component handling incoming aler...
CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...
CVE-2021-40577
creationtimestamp | type | source
---|---|---
2021-11-08 20:29:33+00:00 | seen | https://t.me/cibsecurity/32001...
CVE-2021-40577
CVE-2021-40577 is a stored XSS vulnerability in the Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, affecting the Add-Users page via the Name parameter. The issue arises from storing unsanitized input that is later reflected, enabling a persistent script...
CVE-2022-40577
CVE-2022-40577 entry is rejected and not used.