Lucene search
K

171 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2025-71385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG...

6.1CVSS6AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2025-71385

A flaw was found in Netdata. A remote unauthenticated attacker could exploit a reflected Cross-Site Scripting XSS vulnerability in the api/v2/ilove.svg and api/v3/ilove.svg endpoints. By injecting malicious script into the love query parameter, an attacker could trick a victim into executing...

6.1CVSS6.2AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.9AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS0.00221EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago36 views

CVE-2025-71385 Netdata < 2.3.1 - Reflected Cross-Site Scripting via love Parameter in ilove.svg Endpoint

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS0.00221EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2025-210409

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.7AI score0.00221EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.7AI score0.00221EPSS
Exploits0References5
CVE
CVE
added 6 days ago10 views

CVE-2025-71385

Netdata before 2.3.1 is vulnerable to reflected XSS via the love query parameter on /api/v2/ilove.svg and /api/v3/ilove.svg, where the parameter is inserted into the SVG text without escaping. The attack surface includes endpoints with HTTP_ACL_NOCHECK and anonymous access, and bearer-token prote...

6.1CVSS5.7AI score0.00221EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 6 days ago4 views

CVE-2025-71385 Netdata < 2.3.1 - Reflected Cross-Site Scripting via love Parameter in ilove.svg Endpoint

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.9AI score0.00221EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 6 days ago4 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.9AI score0.00221EPSS
Exploits0References4
Debian CVE
Debian CVE
added 6 days ago6 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.9AI score0.00221EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/12/03 4:52 p.m.289 views

Exploit for CVE-2024-32019

The ndsudo vulnerability allows an attacker to gain root permiss...

8.8CVSS8AI score0.01165EPSS
Exploits15
GithubExploit
GithubExploit
added 2025/11/26 12:34 a.m.258 views

Exploit for CVE-2024-32019

CVE-2024-32019 Proof of Concept Python A Python implementat...

8.8CVSS7.4AI score0.01165EPSS
Exploits15
EUVD
EUVD
added 2025/11/25 12:16 a.m.6 views

EUVD-2025-199442

Malicious code in @posthog/netdata-event-processing npm...

6.6AI score
Exploits0References3
OSV
OSV
added 2025/11/25 12:16 a.m.6 views

MAL-2025-191297 Malicious code in @posthog/netdata-event-processing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f3fdd5fe90ae01310b329b8e4892a4e79799685cdb45682fd4de592b402710e The package @posthog/netdata-event-processing was found to contain malicious code. Source: google-open-source-security...

6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-10552

Malware in sbrugna...

7.5CVSS7.4AI score0.02172EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-10551

Malware in sbrugna...

6.1CVSS6.6AI score0.01751EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-10550

Malware in sbrugna...

6.5CVSS6.7AI score0.01962EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-29857

Malicious code in bioql PyPI...

8.8CVSS8.3AI score0.01165EPSS
Exploits15References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-26638

Malicious code in bioql PyPI...

9.1CVSS7.7AI score0.0068EPSS
Exploits1References3
Rows per page
Query Builder