18 matches found

Packet Storm
added 2026/03/02 12:0 a.m., 112 views

Checkmk 2.4.0p21 Cross Site Scripting

Checkmk suffers from a persistent cross site scripting vulnerability. Versions affected include 2.4.0 before 2.4.0p22 and 2.3.0 before 2.3.0p43...

7.3 CVSS, 5.3 AI score, 0.00041 EPSS
Exploits 1

RedhatCVE
added 2026/02/27 7:44 p.m., 3 views

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3 CVSS, 5.9 AI score, 0.00041 EPSS
Exploits 1, References 1

OSV
added 2026/02/26 11:16 a.m., 0 views

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

5.4 CVSS, 5.8 AI score
Exploits 0, References 2

NVD
added 2026/02/26 11:16 a.m., 6 views

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3 CVSS, 0.00041 EPSS
Exploits 1, References 2

ATTACKERKB
added 2026/02/26 10:26 a.m., 5 views

CVE-2025-64999

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3 CVSS, 5.4 AI score, 0.00041 EPSS
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2026/02/26 10:26 a.m., 2 views

CVE-2025-64999 Cross-site scripting in HTML logs of Synthetic Monitoring test services

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...

7.3 CVSS, 5.4 AI score, 0.00041 EPSS
Exploits 1, References 2

CNNVD
added 2026/02/26 12:0 a.m., 5 views

Checkmk Security Vulnerability

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.4.0p22 and 2.3.0p43 contained security vulnerabilities. These vulnerabilities were due to improper input handling, which could allow attackers to inject malicious JavaScript into the Synthetic...

7.3 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits 1, References 2

Positive Technologies
added 2026/02/26 12:0 a.m., 2 views

PT-2026-22137

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.3.0 through 2.3.0p43; Checkmk versions 2.4.0 through 2.4.0p22. Description: The software contains a flaw due to improper neutralization of input. An attacker who can manipulate a host's check output can inject malicious...

7.3 CVSS, 6 AI score, 0.00041 EPSS
Exploits 1, References 6

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2001-0853

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.0087 EPSS
Exploits 0, References 4

Packet Storm News
added 2025/09/04 12:0 a.m., 4 views

ICSLure: a Very High Interaction Honeynet for PLC-Based Industrial Control Systems

The security of Industrial Control Systems (ICSs) is critical to ensuring the safety of industrial processes and personnel. The rapid adoption of Industrial Internet of Things (IIoT) technologies has expanded system functionality but also increased the attack surface, exposing ICSs to a growing range...

7 AI score
Exploits 0

NVD
added 2025/08/22 7:15 p.m., 3 views

CVE-2025-6791

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

8.8 CVSS, 0.00047 EPSS
Exploits 0, References 2

CNNVD
added 2025/08/22 12:0 a.m., 1 views

Centreon Web Security Vulnerability

Centreon Web is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon Web versions prior to 24.10.9, 24.04.16, and 23.10.26,...

8.8 CVSS, 7.6 AI score, 0.00047 EPSS
Exploits 0, References 4

RedhatCVE
added 2025/05/23 6:52 a.m., 1 views

CVE-2024-50585

Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" nlslogin.jsp page. The vulnerability can be triggered by sending a speciall...

4.7 CVSS, 6.9 AI score, 0.00422 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 5:23 p.m., 3 views

CVE-2020-11491

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...

4.9 CVSS, 5.2 AI score, 0.65467 EPSS
Exploits 1, References 1

CNVD
added 2020/04/03 12:0 a.m., 2 views

Zen Load Balancer Path Traversal Vulnerability

ZEVENET Zen Load Balancer is an application delivery controller from ZEVENET Spain. A security vulnerability exists in Monitoring::Logs in ZEVENET Zen Load Balancer version 3.10.1. No details of the vulnerability are provided at this time...

4.9 CVSS, 6.9 AI score, 0.65467 EPSS
Exploits 1

OSV
added 2020/04/02 2:15 p.m., 0 views

CVE-2020-11491

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi...

4.9 CVSS, 5.8 AI score
Exploits 0, References 2

Citrix
added 2016/09/19 12:0 a.m., 4 views

NetScaler StoreFront Monitor Probe Fails on StoreFront 3.5

When we bind the StoreFront monitor to our StoreFront 3.5 servers, every hour there is an entry on the dashboard and system log that there is a failure - probe failed...

7 AI score
Exploits 0

Cvelist
added 2001/11/30 5:0 a.m., 14 views

CVE-2001-0870

HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file...

6.4 AI score, 0.0087 EPSS
Exploits 0, References 3