26 matches found
CVE-2023-49179
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS. This issue affects Event post: from n/a through 5.8.6...
CVE-2021-47694 Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting (XSS) vulnerability via the Test Command functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary...
PT-2025-44478
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to CCM 3.1.4; Nagios XI versions prior to 5.8.6. Description: The Core Config Manager (CCM) in Nagios XI is subject to a reflected cross-site scripting (XSS) issue through the Test Command functionality. A lack of proper inpu...
WordPress plugin Sahifa security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
EUVD-2023-23837
Malicious code in bioql PyPI...
Improper Certificate Validation
Overview: Affected versions of this package are vulnerable to Improper Certificate Validation due to improper mTLS configuration handling. An attacker can exploit this misconfiguration to establish unauthorized connections to Redis instances that are intended to require client certificate...
PT-2025-30300 · Unknown · Hmailserver
Name of the Vulnerable Software and Affected Versions: hMailServer version 5.8.6 Description: An issue allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components. Recommendations: At the moment, there is no...
CVE-2021-38156
In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard...
PT-2023-30040 · Space Applications Services · Yamcs
Name of the Vulnerable Software and Affected Versions: Space Applications Services Yamcs version 5.8.6 Description: The issue allows a remote attacker to execute arbitrary code via the scriptContainer variable of the ScriptViewer, potentially leading to unauthorized access or control. This is a...
PT-2023-30408 · Yamcs · Yamcs
Name of the Vulnerable Software and Affected Versions: Yamcs version 5.8.6 Description: An issue in Yamcs allows attackers to send arbitrary telecommands in a Command Stack via Clickjacking. Recommendations: For Yamcs version 5.8.6, at the moment, there is no information about a newer version tha...
GHSA-4CQV-Q33X-WFXW Yamcs Cross-site Scripting vulnerability
Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...
Yamcs Cross-Site Scripting Vulnerability
Yamcs is an open source software framework from Yamcs Open Source. It is used to command and control spacecraft, satellites, payloads, ground stations and ground equipment. A security vulnerability exists in Yamcs version 5.8.6, which stems from the fact that it is possible to upload a display...
Yamcs Path Traversal Vulnerability
Yamcs is an open source software framework from Yamcs Open Source. It is used to command and control spacecraft, satellites, payloads, ground stations and ground equipment. A security vulnerability exists in Yamcs version 5.8.6, which stems from a directory traversal vulnerability in the storage...
Design/Logic Flaw
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...
CVE-2023-44389 Zope management interface vulnerable to stored cross site scripting via the title property
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...
Zope management interface vulnerable to stored cross site scripting via the title property
Impact: The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI) because the title property is displayed unquoted in the breadcrumbs element. All versions of Zope 4 and Zope 5 are...
CVE-2023-1605 Denial of Service in radareorg/radare2
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6...
PT-2022-24500 · Vmware · Vmware Hyperic Server
Name of the Vulnerable Software and Affected Versions: VMware Hyperic Server version 5.8.6 Description: A remote unauthenticated insecure deserialization vulnerability exists, enabling a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the...
UBUNTU-CVE-2022-38251
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel...
PT-2022-24313 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI version 5.8.6 Description: A SQL injection issue was found in Nagios XI via the mib name parameter at the "Manage MIBs" page. Recommendations: For Nagios XI version 5.8.6, avoid using the mib name parameter in the affected page unti...