Lucene search
+L

44 matches found

Vulnrichment
Vulnrichment
added 2025/10/30 9:36 p.m.5 views

CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...

5.1CVSS5.9AI score0.00407EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:36 p.m.7 views

CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...

5.1CVSS0.00407EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:36 p.m.15 views

CVE-2021-47691

The Nagios XI Core Config Manager (CCM) is affected by cross-site scripting (XSS) vulnerabilities in CCM prior to 3.1.1 and Nagios XI prior to 5.8.2. The issue arises from insufficient validation/escaping of user-supplied input in the Services page, specifically the config_name and service_descri...

5.4CVSS5.9AI score0.00407EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI CCM versions prior to version 3.1.1 and Nagios XI version 5.8....

5.4CVSS6AI score0.00407EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:54 p.m.6 views

CVE-2021-37558

A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the hostname and servicedescription parameters. The vulnerability can be exploited only when a valid Knowledge Base U...

9.8CVSS7.6AI score0.02115EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2024/07/23 9:17 a.m.32 views

CVE-2024-29736

A Server-side request forgery SSRF vulnerability was found in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured. Mitigation Mitigation for this issue is...

9.1CVSS9AI score0.01029EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/07/19 9:32 a.m.7 views

cv.igrp:igrp-core (>=2.0.0.231123-RC1 <=2.0.0.250216-GA), net.n2oapp.framework.security:coverage (>=7.2.0 <=8.0.13) +111 more potentially affected by CVE-2024-29736 via org.apache.cxf:cxf-rt-rs-service-description (>=4.0.0 <=4.0.4)

org.apache.cxf:cxf-rt-rs-service-description MAVEN version =4.0.0, =2.0.0.231123-RC1, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =6.1.1, =4.0.0, =4.0.0, =4.0.0, =4.0.11 and more Source cves: CVE-2024-29736 Source advisory: OSV:GHSA-5M3J-PXH7-455P...

9.1CVSS6.9AI score0.01029EPSS
Exploits0
OSV
OSV
added 2024/07/19 9:32 a.m.8 views

GHSA-5M3J-PXH7-455P Apache CXF: SSRF vulnerability via WADL stylesheet parameter

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...

8.2CVSS7.2AI score0.01029EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/07/19 9:32 a.m.8 views

com.craterdog.maven-parent-poms:java-web-service (>=3.11 <=3.22), com.devonfw.modules:devonfw-i18n (=2.4.0) +329 more potentially affected by CVE-2024-29736 via org.apache.cxf:cxf-rt-rs-service-description (>=3.0.0-milestone1 <=3.5.8)

org.apache.cxf:cxf-rt-rs-service-description MAVEN version =3.0.0-milestone1, =3.11, =1.0.0, =3.0.0, =3.0.0, =3.0.0, =1.7.2.230613, =1.7.2.230622, =2.2.24.11, =2.2.10, =2.2.7, =2.2.9.1, =2.2.7, =2.2.7, =2.2.23.1 and more Source cves: CVE-2024-29736 Source advisory: OSV:GHSA-5M3J-PXH7-455P...

9.1CVSS6.9AI score0.01029EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/07/19 9:32 a.m.7 views

io.hyte.platform:hyte-db (=4.4.6.hyte-24270), io.hyte.platform:hyte-mq (=4.4.6.hyte-24270) +23 more potentially affected by CVE-2024-29736 via org.apache.cxf:cxf-rt-rs-service-description (>=3.6.0 <=3.6.3)

org.apache.cxf:cxf-rt-rs-service-description MAVEN version =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.11 and more Source cves: CVE-2024-29736 Source advisory: OSV:GHSA-5M3J-PXH7-455P...

9.1CVSS7AI score0.01029EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/05/04 7:11 p.m.5 views

CVE-2022-29474

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at...

4.3CVSS5.9AI score0.01469EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/05/01 6:2 p.m.8 views

GHSA-2C4W-2PX5-9X3X Apache Axis allows Exposure of Sensitive Information to an Unauthorized Actor

Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message...

5.3CVSS5.8AI score0.27651EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2021/09/17 12:0 a.m.9 views

The vulnerability of the software used to implement the hypertext environment in the Centreon IT infrastructure monitoring software allows a hacker to execute arbitrary SQL commands.

The vulnerability of the software for implementing the hypertext environment in the Centreon IT infrastructure monitoring software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands...

9.3CVSS8.2AI score0.02115EPSS
Exploits1References4Affected Software2
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.6 views

Centreon SQL注入漏洞

Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in the Centreon MediaWiki script that could allow a remote,...

9.8CVSS8.9AI score0.02115EPSS
Exploits1References3
NVD
NVD
added 2020/10/23 5:15 a.m.34 views

CVE-2018-8062

A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...

5.4CVSS0.00954EPSS
Exploits3References1
Cvelist
Cvelist
added 2020/10/23 4:27 a.m.40 views

CVE-2018-8062

A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...

5.3AI score0.00954EPSS
Exploits3References1
Kitploit
Kitploit
added 2016/03/02 9:33 p.m.31 views

Whatportis - A Command To Search Port Names And numbers

It often happens that we need to find the default port number for a specific service, or what service is normally listening on a given port. Usage This tool allows you to find what port is associated with a service: $ whatportis redis...

7.3AI score
Exploits0References1
NVD
NVD
added 2013/09/11 2:3 p.m.22 views

CVE-2013-3862

Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager SCM, aka "Service Control Manager Double Free Vulnerability."...

6.9CVSS6.3AI score0.01651EPSS
Exploits1References2
Prion
Prion
added 2013/09/11 2:3 p.m.22 views

Double free

Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager SCM, aka "Service Control Manager Double Free Vulnerability."...

6.9CVSS6.8AI score0.01651EPSS
Exploits1References2
Cvelist
Cvelist
added 2013/09/11 10:0 a.m.24 views

CVE-2013-3862

Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager SCM, aka "Service Control Manager Double Free Vulnerability."...

6.3AI score0.01651EPSS
Exploits1References2
Rows per page
Query Builder