Lucene search
+L

519 matches found

nessus
nessus
added 2026/07/03 12:0 a.m.8 views

Devolutions Server 2026.2.4 <= 2026.2.7 Credential Exposure (DEVO-2026-0020)

The version of Devolutions Server installed on the remote host is 2026.2.4 through 2026.2.7. It is, therefore, affected by a vulnerability: - Improper input validation in the PAM AD discovery endpoints allows an authenticated user with the UserGroupsView permission to coerce server-side...

2.7CVSS6AI score0.00216EPSS
Exploits0References2
nvd
nvd
added 2026/06/23 1:16 a.m.27 views

CVE-2026-10651

btsdpparseattribute in subsys/bluetooth/host/classic/sdp.c validated only that the SDP record buffer held the type-marker byte plus the 2-byte attribute ID a check of buf-len data0 before its only bounds guard an ASSERTNOMSG that compiles out when CONFIGASSERT is disabled, the production default,...

7.1CVSS0.00183EPSS
Exploits1References2
osv
osv
added 2026/06/23 1:16 a.m.4 views

UBUNTU-CVE-2026-10651

btsdpparseattribute in subsys/bluetooth/host/classic/sdp.c validated only that the SDP record buffer held the type-marker byte plus the 2-byte attribute ID a check of buf-len data0 before its only bounds guard an ASSERTNOMSG that compiles out when CONFIGASSERT is disabled, the production default,...

7.1CVSS6.1AI score0.00183EPSS
Exploits1References3
cve
cve
added 2026/06/22 11:54 p.m.28 views

CVE-2026-10651

The CVE-2026-10651 affects Zephyr’s Bluetooth Classic SDP parser (subsys/bluetooth/host/classic/sdp.c) where bt_sdp_parse_attribute() reads a 3-byte attribute (1-byte type, 2-byte id) but then unconditionally pulls an extra value type byte without verifying remaining length. A truncated 3-byte at...

7.1CVSS6AI score0.00183EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/06/22 11:54 p.m.5 views

CVE-2026-10651 Out-of-bounds read in Bluetooth Classic SDP attribute parsing (`bt_sdp_parse_attribute`)

btsdpparseattribute in subsys/bluetooth/host/classic/sdp.c validated only that the SDP record buffer held the type-marker byte plus the 2-byte attribute ID a check of buf-len data0 before its only bounds guard an ASSERTNOMSG that compiles out when CONFIGASSERT is disabled, the production default,...

7.1CVSS6.1AI score0.00183EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/22 11:54 p.m.46 views

CVE-2026-10651 Out-of-bounds read in Bluetooth Classic SDP attribute parsing (`bt_sdp_parse_attribute`)

btsdpparseattribute in subsys/bluetooth/host/classic/sdp.c validated only that the SDP record buffer held the type-marker byte plus the 2-byte attribute ID a check of buf-len data0 before its only bounds guard an ASSERTNOMSG that compiles out when CONFIGASSERT is disabled, the production default,...

7.1CVSS0.00183EPSS
Exploits1References2
nessus
nessus
added 2026/06/10 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-9549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/09 2:59 p.m.13 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
mskb
mskb
added 2026/06/09 2:0 p.m.64 views

May 12, 2026—Hotpatch KB5087423 (OS Build 26100.32772)

None None...

9.8CVSS6.9AI score0.99962EPSS
Exploits64
nvd
nvd
added 2026/06/08 1:16 p.m.15 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS0.00143EPSS
Exploits0References1
osv
osv
added 2026/06/08 1:16 p.m.9 views

UBUNTU-CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/08 12:7 p.m.49 views

CVE-2026-9549 Fix XSS in service discovery active check output

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS0.00143EPSS
Exploits0References1
cve
cve
added 2026/06/08 12:7 p.m.33 views

CVE-2026-9549

Technical details are not publicly available in the provided documents. Monitor for updates.

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/06/08 12:7 p.m.11 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/06/08 12:7 p.m.11 views

CVE-2026-9549 Fix XSS in service discovery active check output

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
euvd
euvd
added 2026/06/08 12:7 p.m.11 views

EUVD-2026-35054

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
osv
osv
added 2026/06/08 12:7 p.m.3 views

CVE-2026-9549 Fix XSS in service discovery active check output

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.9AI score0.00143EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.20 views

PT-2026-47288

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.16 views

Checkmk 跨站脚本漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions prior to Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions contain a cross-site scripting vulnerability. This vulnerability stems from the service discovery active check’s output, which contains a stored...

4.8CVSS5AI score0.00143EPSS
Exploits0References2
nessus
nessus
added 2026/06/06 12:0 a.m.18 views

EulerOS Virtualization 2.10.0 : avahi (EulerOS-SA-2026-2042)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, ...

6.5CVSS5.6AI score0.00353EPSS
Exploits1References5
Rows per page
Query Builder